Fluentd 日志收集器写入 Elasticsearch,最终填满磁盘。例如,如何将它们限制为一个月?
Fluentd 配置的一部分(使用 Kubernetes):
<match kubernetes.**>
@type elasticsearch_dynamic
host elasticsearch.default.svc.cluster.local
port 9200
include_tag_key true
logstash_format true
logstash_prefix kubernetes-${record['kubernetes']['pod_name']}
</match>
Elasticsearch的“策展人”,可以删除“索引”,但我不知道Fluentd创建了什么索引,什么时候停止使用它们,当索引中仍有有用的新日志时删除索引是什么意思?
Curator 将为您删除索引,无论是 Logstash、fluentd 还是其他一些应用程序制作的索引。此示例将使用您在上述注释中提供的索引模式。
---
actions:
1:
action: delete_indices
description: >-
Delete indices older than 30 days (based on index name), for kubernetes-elasticsearch-
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: true
disable_action: true
filters:
- filtertype: pattern
kind: prefix
value: kubernetes-elasticsearch-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 30