forked from imperialwicket/elasticsearch-logstash-index-mgmt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
elasticsearch-remove-old-indices.sh
executable file
·132 lines (110 loc) · 3.11 KB
/
elasticsearch-remove-old-indices.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/bin/bash
# elasticsearch-remove-old-indices.sh
#
# Delete logstash format indices from elasticsearch maintaining only a
# specified number.
# http://logstash.net
# http://www.elasticsearch.org
#
# Inspiration:
# http://tech.superhappykittymeow.com/?p=296
#
# Must have access to the specified elasticsearch node.
usage()
{
cat << EOF
elasticsearch-remove-old-indices.sh
Compares the current list of indices to a configured value and deletes any
indices surpassing that value. Sort is lexicographical; the first n of a 'sort
-r' list are kept, all others are deleted.
USAGE: ./elasticsearch-remove-old-indices.sh [OPTIONS]
OPTIONS:
-h Show this message
-i Indices to keep (default: 14)
-e Elasticsearch URL (default: http://localhost:9200)
-g Consistent index name (default: logstash)
-a HTTP Authentication String (optional)
-o Output actions to a specified file
EXAMPLES:
./elasticsearch-remove-old-indices.sh
Connect to http://localhost:9200 and get a list of indices matching
'logstash'. Keep the top lexicographical 14 indices, delete any others.
./elasticsearch-remove-old-indices.sh -e "http://es.example.com:9200" \
-i 28 -g my-logs -o /mnt/es/logfile.log
Connect to http://es.example.com:9200 and get a list of indices matching
'my-logs'. Keep the top 28 indices, delete any others. When using a custom
index naming scheme be sure that a 'sort -r' places the indices you want to
keep at the top of the list. Output index deletes to /mnt/es/logfile.log.
EOF
}
# Defaults
ELASTICSEARCH="http://localhost:9200"
KEEP=14
GREP="logstash"
AUTH=""
# Validate numeric values
RE_D="^[0-9]+$"
while getopts ":i:e:g:o:a:h" flag
do
case "$flag" in
h)
usage
exit 0
;;
i)
if [[ $OPTARG =~ $RE_D ]]; then
KEEP=$OPTARG
else
ERROR="${ERROR}Indexes to keep must be an integer.\n"
fi
;;
e)
ELASTICSEARCH=$OPTARG
;;
a)
AUTH="-u $OPTARG"
;;
g)
GREP=$OPTARG
;;
o)
LOGFILE=$OPTARG
;;
?)
usage
exit 1
;;
esac
done
# If we have errors, show the errors with usage data and exit.
if [ -n "$ERROR" ]; then
echo -e $ERROR
usage
exit 1
fi
# Get the indices from elasticsearch
INDICES_TEXT=$(curl -s "$ELASTICSEARCH/_status?pretty=true" $AUTH| grep $GREP | grep -v \"index\" | sort -r | awk -F\" {'print $2'})
if [ -z "$INDICES_TEXT" ]; then
echo "No indices returned containing '$GREP' from $ELASTICSEARCH."
exit 1
fi
# If we are logging, make sure we have a logfile TODO - handle errors here
if [ -n "$LOGFILE" ] && ! [ -e $LOGFILE ]; then
touch $LOGFILE
fi
# Delete indices
declare -a INDEX=($INDICES_TEXT)
if [ ${#INDEX[@]} -gt $KEEP ]; then
for index in ${INDEX[@]:$KEEP};do
# We don't want to accidentally delete everything
if [ -n "$index" ]; then
if [ -z "$LOGFILE" ]; then
curl -s -XDELETE "$ELASTICSEARCH/$index/" $AUTH
else
echo `date "+[%Y-%m-%d %H:%M] "`" Deleting index: $index." >> $LOGFILE
curl -s -XDELETE "$ELASTICSEARCH/$index/" $AUTH >> $LOGFILE
fi
fi
done
fi
exit 0