Elasticsearch Index Lifecycle Management
Page last updated:
Overview
With the Elasticsearch index lifecycle management, you can create policies to eventually delete your old indexes. This is required, so your elasticsearch-service does not get filled with ancient data and eventually run into memory problems.
Step by Step Guide
This section describes how to setup a basic index lifecycle management.
Prerequisites
To set up the index lifecycle management you already need Elasticsearch and Kibana working. - Elasticsearch - Kibana Docker
Create index lifecycle policy
First of all, you need an index lifecycle policy. To create one in Kibana, go to ‘Dev Tools’->Console. You may use this example or alter it according to your requirements.
PUT _ilm/policy/index-lifecycle
{
"policy": {
"phases": {
"delete": {
"min_age": "60d",
"actions": {
"delete": {}
}
}
}
}
}
When the console acknowledges your request, the policy has been successfully created. This example deletes an index 60 days after it’s been created.
If you prefer to use the UI to create the index lifecycle policy, you can do this under Management->'Index Lifecycle Policies’->'Create Policy’
Create index template
To create an index template, you can stay on the Console-page, we just used. You can use the following example.
PUT _template/logstash-template
{
"index_patterns": ["index-*"],
"settings": {
"number_of_shards" : "1",
"refresh_interval" : "5s",
"index.lifecycle.name": "index-lifecycle"
}
}
If you want to use different names e.g. for the template, always make sure that you change it accordingly everywhere it’s used.
Next Step
After you prepared the index lifecycle management, you are now ready to set up Logstash.
Further reading
Official Documentation on Index Lifecycle Management
View the source for this page in GitHub