Is your feature request related to a problem? Please describe.
With a larger Timesketch setup, over time there can be many searchindex instances opened on the opensearch cluster. It is possible to manually archive a sketch in the UI which will close the searchindex on the opensearch side, limiting the consumption of resources.
Describe the solution you'd like
For an easy clean-up and resource management, I propose a feature in the tsctl admin tool that allows to easily archiving all sketches that are have not been touched for the last X days.
Describe alternatives you've considered
This can also be done with an external script and the API. However, having it integrated into the admin tool makes sense to me.
Is your feature request related to a problem? Please describe. With a larger Timesketch setup, over time there can be many searchindex instances opened on the opensearch cluster. It is possible to manually archive a sketch in the UI which will close the searchindex on the opensearch side, limiting the consumption of resources.
Describe the solution you'd like For an easy clean-up and resource management, I propose a feature in the
tsctladmin tool that allows to easily archiving all sketches that are have not been touched for the last X days.Describe alternatives you've considered This can also be done with an external script and the API. However, having it integrated into the admin tool makes sense to me.
https://github.com/google/timesketch/blob/master/timesketch/tsctl.py