Amazon-web-services – Deleting old indexes in Amazon Elasticsearch

amazon-web-services elasticsearch

We are using AWS Elasticsearch for logs. The logs are streamed via Logstash continuously. What is the best way to periodically remove the old indexes?

I have searched and various approaches recommended are:

  1. Use lambda to delete old indexes – https://medium.com/@egonbraun/periodically-cleaning-elasticsearch-indexes-using-aws-lambda-f8df0ebf4d9f

  2. Use scheduled docker containers – http://www.tothenew.com/blog/running-curator-in-docker-container-to-remove-old-elasticsearch-indexes/

These approaches seem like overkill for such a basic requirement as "delete indexes older than 15 days".

What is the best way to achieve that? Does AWS provide any setting that I can tweak?

Best Answer

Elasticsearch 6.6 brings a new technology called Index Lifecycle Manager (see here). Each index is assigned a lifecycle policy, which governs how the index transitions through specific stages until it is deleted.

For example, if you are indexing metrics data from a fleet of ATMs into Elasticsearch, you might define a policy that says:

  1. When the index reaches 50GB, roll over to a new index.
  2. Move the old index into the warm stage, mark it read only, and shrink it down to a single shard.
  3. After 7 days, move the index into the cold stage and move it to less expensive hardware.
  4. Delete the index once the required 30 day retention period is reached.

The technology is still in beta stage; however, it is probably the way to go from now on.
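The four steps in the answer above, written as a lifecycle policy body. This is an added example, not part of the original answer. It assumes a cluster that exposes the index lifecycle API, so the body can be sent with `PUT _ilm/policy/atm-metrics`. The policy name `atm-metrics` and the node attribute `box_type: cold` are hypothetical.

```json
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_size": "50GB" }
        }
      },
      "warm": {
        "actions": {
          "readonly": {},
          "shrink": { "number_of_shards": 1 }
        }
      },
      "cold": {
        "min_age": "7d",
        "actions": {
          "allocate": { "require": { "box_type": "cold" } }
        }
      },
      "delete": {
        "min_age": "30d",
        "actions": { "delete": {} }
      }
    }
  }
}
```

For the question's simpler requirement, a policy containing only the `delete` phase with `"min_age": "15d"` is enough. Without a rollover action, `min_age` is measured from index creation, so each daily Logstash index is removed 15 days after it was created.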
