Autorotate Elasticsearch

CSIRT-MU / Stream4Flow

A framework for the real-time network traffic analysis based on world-leading technologies for distributed stream processing, network traffic monitoring, and visualization.

https://csirt.muni.cz/?lang=en

MIT License

100 stars 36 forks source link

Autorotate Elasticsearch #20

Closed tomjirsa closed 7 years ago

tomjirsa commented 7 years ago

Explore possibilities for data rotation in elasticsearch (i.e. delete all indexes older than one month).

first, look for native settings in elasticsearch (whether the autorotate is possible)
second, look for other solutions (automatic scripts using e.g. cron)
present and chose solution
implement solution to ansible - if possible, make the rotation size parametrizable in global vars.

simkosvorad commented 7 years ago

Elasticsearch curator is i think the thing we are looking for url exactly url action. Also can be ran as a cron job.

tomjirsa commented 7 years ago

Try to look at Elastic Curator on github.

Suggested in StackOverflow and Elastic discuss forum

simkosvorad commented 7 years ago

To test autorate you can use

curl -XPUT 'consumer:9200/spark-2017.03.01?pretty' -H 'Content-Type: application/json' -d'
{
    "settings" : {
        "index" : {
            "number_of_shards" : 3,
            "number_of_replicas" : 2
        }
    }
}
'

for creating an index. to list all indices you can use: curl 'consumer:9200/_cat/indices?v'

tomjirsa commented 7 years ago

Closing, merged with master #31