用于根据非日期类型的字段删除超过 30 天或更长时间的索引的策展人
Curator for deleting indices older than 30 days or more based on a field that isn’t of type date
{
"_index": "user:1494813192000",
"_type": "fruits",
"_id": "pbyac5r88-yghe-v1ez-cpgb-sqdjipr54alzgj/tp4oqalbd-bo2v-ikj1-atfq-wezcoeeuf6wiqpt/apple",
"_score": 1,
"_routing": "pbyac5r88-yghe-v1ez-cpgb-sqdjipr54alzgj",
"_source": {
"numCal": 442,
"eventTime": 1497315192000,
"fruitName": "apple"
}
这是我的 elasticsearch 中的索引的样子。 eventTime 是基于 UTC 的以毫秒为单位的当前时间。我想使用该字段通过策展人删除我的索引。
这就是我的 ACTION_FILE.YML 的样子
actions:
1:
action: delete_indices
description: >-
Delete indices older than 45 days (based on index name), for logstash-
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: True
timeout_override:
continue_if_exception: False
disable_action: False
filters:
- filtertype: age
source: field_stats
field: 'eventTime'
direction: older
unit: days
unit_count: 30
exclude:
策展人是否支持根据非数据格式的字段进行删除?
{
"_index": "user:1494813192000",
"_type": "fruits",
"_id": "pbyac5r88-yghe-v1ez-cpgb-sqdjipr54alzgj/tp4oqalbd-bo2v-ikj1-atfq-wezcoeeuf6wiqpt/apple",
"_score": 1,
"_routing": "pbyac5r88-yghe-v1ez-cpgb-sqdjipr54alzgj",
"_source": {
"numCal": 442,
"eventTime": 1497315192000,
"fruitName": "apple"
}
这是我的 elasticsearch 中的索引的样子。 eventTime 是基于 UTC 的以毫秒为单位的当前时间。我想使用该字段通过策展人删除我的索引。
这就是我的 ACTION_FILE.YML 的样子
actions:
1:
action: delete_indices
description: >-
Delete indices older than 45 days (based on index name), for logstash-
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: True
timeout_override:
continue_if_exception: False
disable_action: False
filters:
- filtertype: age
source: field_stats
field: 'eventTime'
direction: older
unit: days
unit_count: 30
exclude:
策展人是否支持根据非数据格式的字段进行删除?