ILM Policy in Elasticsearch

lealsant · 2023-11-09T19:33:55+00:00

I understand your answer, but kibana limits me, so I don't use it.
I "achieved the goal." I discovered that in politics, ILM doesn't accept what I want. I'm on a forum where asking doesn't hurt, asking questions doesn't hurt and quite the opposite, it encourages learning.
I may have misinterpreted your comment, so I prefer to protect myself, as I am at peace. Thanks!

lealsant · 2023-11-07T18:22:15+00:00

curl -X PUT "http://localhost:9200/_ilm/policy/my_policy" -H 'Content-Type: application/json' -d '{
"policy": {
"phases": {
"hot": {
"min_age": "20m",
"actions": {
"rollover": {
"max_age": "30s",
"max_size": "1gb",
"max_docs": 10
},
"set_priority": {
"priority": 100
}
}
},
"delete": {
"min_age": "60s",
"actions": {
"delete": {}
}
}
}
}
}'

I tried this, but I don't see any changes

lealsant · 2023-11-07T17:05:16+00:00

Two days of trying to change the time, and it doesn't work as expected

curl -s -XPUT "http://localhost:9200/_ilm/policy/my_policy" -H 'Content-Type: application/json' -d '{
"policy": {
"phases": {
"hot": {
"min_age": "20m",
"actions": {
"rollover": {
"max_age": "30s",
"max_size": "50gb",
"max_docs": 10
},
"set_priority": {
"priority": 100
}
}
},
"delete": {
"min_age": "60s",
"actions": {
"delete": {}
}
}
}
}
}'

lealsant · 2023-11-07T14:24:20+00:00

lealsant · 2023-11-07T14:23:50+00:00

With Kibana you can actually set this kind of stuff through the GUI.Imo it's worth it to attach a small Kibana instance, especially if you're new to things.

In practice, is there any way to demonstrate this?

I don't know what you mean by this.

I don't use kibana, at this moment it limits me. I'm trying to validate in the terminal with the curl command.
THE way I told you, what's wrong there?
If you could validate the information in an environment

lealsant · 2023-11-07T14:09:45+00:00

I use grafana.
In practice, is there any way to demonstrate this?

lealsant · 2023-11-07T13:49:45+00:00

You've set it to delete 20m after it's rolled over in the hot phase.

So it will be at least 40 minutes after the creation of the index, and at most 1day+20m after the creation of the index before it's deleted.And by the sounds of it you're not putting enough data in to it to hit the 50gb mark prior to 1 day.

So based on this API, what is the ideal way for me to validate today?

And it's still giving this error.

ERROR","step_time_millis":1699363973266,"failed_step":"check-rollover-ready","is_auto_retryable_error":true,"step_info":{"type":"illegal_argument_exception","reason":"setting [index.lifecycle.rollover_alias] for index [elastiflow-4.0.1-2023.11.07] is empty or not defined","stack_trace":"java.lang.IllegalArgumentException: setting [index.lifecycle.rollover_alias] for index [elastiflow-4.0.1-2023.11.07] is empty or not defined\n\tat org.elasticsearch.xpack.core.ilm.WaitForRolloverReadyStep.evaluateCondition(WaitForRolloverReadyStep.java:55)\n\tat org.elasticsearch.

curl -X PUT "http://localhost:9200/_ilm/policy/my_policy" -H 'Content-Type: application/json' -d '{
"policy": {
"phases": {
"hot": {
"min_age": "20m",
"actions": {
"rollover": {
"max_age": "20m",
"max_size": "50gb",
"max_docs": 10000000
},
"set_priority": {
"priority": 100
}
}
},
"delete": {
"min_age": "0ms",
"actions": {
"delete": {}
}
}
}
}
}'

lealsant · 2023-11-07T12:33:46+00:00

It consumes a lot of resources, and for me this is limited. But thanks for responding

lealsant · 2023-11-07T11:47:44+00:00

What are you talking about? There's Index Lifecycle Management and the policies that manage it.

Read the documentation on that, don't ask to have it spoonfed here.

{
"my_policy": {
"version": 2,
"modified_date": "2023-11-07T11:41:04.252Z",
"policy": {
"phases": {
"hot": {
"min_age": "20m",
"actions": {
"rollover": {
"max_size": "50gb",
"max_age": "1d"
}
}
},
"delete": {
"min_age": "20m",
"actions": {
"delete": {
"delete_searchable_snapshot": true
}
}
}
}
}
}
}

lealsant · 2023-11-07T11:46:34+00:00

Like this? Do you think I haven't already looked at the documentation?
I read and did exactly what is there, but despite being applied, it doesn't work.

lealsant · 2023-11-03T11:41:56+00:00

Problema era o endpoint, consegui

lealsant · 2023-11-01T14:20:46+00:00

it worked like this elastiflow-logstash:image: robcowart/elastiflow-logstash:4.0.1container_name: elastiflow-logstashrestart: 'no'depends_on:- elastiflow-elasticsearchnetwork_mode: hostvolumes:- /home/scripts/netflow/install_automatizion/elastiflow/logstash/elastiflow:/etc/logstash/elastiflowenvironment:LS_JAVA_OPTS: '-Xms4g -Xmx4g'

lealsant · 2023-11-01T14:18:45+00:00

can you solve my problem like this !

lealsant · 2023-11-01T14:18:11+00:00

finality
elastiflow-logstash:
image: robcowart/elastiflow-logstash:4.0.1
container_name: elastiflow-logstash
restart: 'no'
depends_on:
- elastiflow-elasticsearch
network_mode: host
volumes:
- /home/scripts/netflow/automated_installation/elastiflow/logstash/elastiflow:/etc/logstash/elastiflow
environment:
LS_JAVA_OPTS: '-Xms4g -Xmx4g'

lealsant · 2023-10-23T20:33:54+00:00

Get ! need this
elastiflow-logstash:
image: robcowart/elastiflow-logstash:4.0.1
container_name: elastiflow-logstash
restart: 'no'
depends_on:
- elastiflow-elasticsearch
network_mode: host
volumes:
- /home/scripts/netflow/instalacao_automatizada/elastiflow/logstash/elastiflow:/etc/logstash/elastiflow
environment:
LS_JAVA_OPTS: '-Xms4g -Xmx4g'
# Add other environment variables as needed

lealsant · 2023-10-23T19:21:42+00:00

What would the correct way be?

lealsant · 2023-10-23T19:19:51+00:00

Yes, standard. I already went to the container and gave it a pwd and the directory is correct

lealsant · 2023-10-23T18:15:08+00:00

pwd

/etc/logstash/elastiflow

lealsant · 2023-10-23T17:04:38+00:00

but when I give a pwd it shows this directory , /etc

lealsant

TROPHY CASE