Search code examples
elasticsearch-curator

What does "source:name" in filter means?

I have been studying curator past few days and I came across this filter type "age". On official documentation it is written as name based age filter look for a timestring within the index or snapshot name, and convert that into an epoch timestamp. Which is not quite clear to me.

If I mention 

source: name

what "name" does curator refer to? Does it refer to name of any particular index and if yes how can I mention name of that index?

It will be really helpful if anyone suggest me some more documentation on curator. Thanks in advance ^^

Solution

  • Yes, source: name reads the index name and looks for a time/date value matching timestring. For example, if you had an index named indexname-2019.06.01, you might build a filter like this:

    - filtertype: age
  source: name
  timestring: ‘%Y.%m.%d’
  unit: days
  unit_count: 30
  direction: older

    This filter (if not following other filters in a list) will look through the names of all indices in Elasticsearch for a Year.month.day pattern, convert it to an epoch time stamp, and see if that date is more than 30 days older than the epoch time stamp at the time Curator is executed. If that is true, that index name will remain in the actionable list to do whatever action the filter is associated with.

    Now, this by itself can be a dangerous filter. It will match indexname-2019.06.01 or 2019.06.01-anything or even prefix-2019.06.01-suffix. Filters in Curator were made to go together in a chain. To specify which indices you want Curator to consider, it might be wise to do a pattern filter before the age filter:

    - filtertype: pattern
  kind: prefix
  value: indexname
- filtertype: age
  source: name
  timestring: ‘%Y.%m.%d’
  unit: days
  unit_count: 30
  direction: older

    Now this filter list will only look for indices which begin with indexname and have a Year.month.day time string after that. Filters in Curator are always ANDed together.

    The official Curator documentation is the ultimate source of truth for all things Curator. If you have further requests for explanation, I’m happy to answer them (full disclosure: I am the author and maintainer of Curator).