"Clean up elasticsearch with curator. Installation and simple step-by step"
Here is a very simple way to remove old Elasticsearch entries, based on timestamp.
✔ RHEL Linux 6.6
Should also work for:
✔ Any current RHEL-based Linux like CentOS or Fedora
✔ Most mainstream Linux distros like Debian or Ubuntu
In short … this will install curator and remove all entries from the local Elasticsearch older than 1 day.
Please don't execute all 3 lines until you are sure you want the entries gone.
> yum -y install python-pip
> pip install elasticsearch-curator
> curator delete --older-than -1
Step by step
Get the Python package manager
> yum -y install python-pip
> pip --version
pip 1.3.1 from /usr/lib/python2.6/site-packages (python 2.6)
> pip install elasticsearch-curator
> curator --version
curator 2.0.2
Clean the local Elasticsearch
I wrote a small bash script for it
> cat clear_es.bash
#!/bin/sh
curator delete --older-than -1
Run ./clear_es.bash to remove all but the last day's entries.
More ways to clean Elasticsearch
You can point curator at a host and port other than the defaults, and tune the time window for which entries must be preserved:
--host localhost
--port 9200
-t (or --timeout) 30
-T (or --time-unit) days
-p (or --prefix) logstash-
Lots more here: https://github.com/elastic/curator/wiki
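Time-based cleanup like this comes down to picking indices by the date in their name, so it is worth previewing that selection before deleting log data. The Python sketch below is an added example, not code from this post or from curator: `select_older_than`, `SAMPLE_INDICES`, the `logstash-YYYY.MM.DD` naming and the rule that an index is older than N days when its date falls before today minus N days are assumptions for illustration, and it takes the age as a positive day count.

```python
from datetime import date, datetime, timedelta

# Constructed sample of index names (not taken from a real cluster).
SAMPLE_INDICES = [
    "logstash-2015.03.08",
    "logstash-2015.03.09",
    "logstash-2015.03.10",
    "logstash-2015.03.11",
    ".kibana",               # no date suffix
    "metrics-2015.03.01",    # different prefix
    "logstash-2015.13.40",   # malformed date
]


def select_older_than(names, days, today, prefix="logstash-", fmt="%Y.%m.%d"):
    """Split names into (to_delete, kept, ignored) by the date in the name.

    Assumed rule: an index is older than `days` when its date is before
    today - days. Anything that does not match prefix + date is ignored,
    never deleted.
    """
    if days < 1:
        # A zero or negative age would move the cutoff to today or later
        # and select current data, so this sketch refuses it.
        raise ValueError("days must be a positive number")
    cutoff = today - timedelta(days=days)
    to_delete, kept, ignored = [], [], []
    for name in names:
        if not name.startswith(prefix):
            ignored.append(name)
            continue
        try:
            day = datetime.strptime(name[len(prefix):], fmt).date()
        except ValueError:
            ignored.append(name)  # unparsable date: leave the index alone
            continue
        (to_delete if day < cutoff else kept).append(name)
    return sorted(to_delete), sorted(kept), ignored


if __name__ == "__main__":
    doomed, kept, ignored = select_older_than(SAMPLE_INDICES, 1, date(2015, 3, 11))
    print("would delete:", doomed)
    print("would keep:  ", kept)
    print("not touched: ", ignored)
```

Feeding it the real index names from the cluster and reading the "would delete" list first shows whether the prefix and age match the retention you intend.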