Index Lifecycle Management
77 views
Skip to first unread message
Neha Gautam
Nov 11, 2024, 2:50:28 AM11/11/24
to Wazuh | Mailing List
Hello,
I have OpenDistro of wazuh running on AWS ec2 instance.
There I have write the Policy to delete my archives indices older than 30 days.
For applying policy I need to select the indices manually and apply the policy.
But i need to auto mate this process as well. Is there any way for this by which can configure through wazuh dashboard.
I am currently using the wazuh version:4.9.0
I have OpenDistro of wazuh running on AWS ec2 instance.
There I have write the Policy to delete my archives indices older than 30 days.
For applying policy I need to select the indices manually and apply the policy.
But i need to auto mate this process as well. Is there any way for this by which can configure through wazuh dashboard.
I am currently using the wazuh version:4.9.0
Jose Luis Carreras Marin
Nov 11, 2024, 3:46:34 AM11/11/24
to Wazuh | Mailing List
Hello Neha Gautam,
This process is to end up automating the process of deleting the indexes according to the 30 days policy you mentioned, here are a couple of links that can be very useful:
Now, I would like to understand more in depth what you are trying to automate, as I understand it is a process that should be enough to do only once. Tell me more in depth about your objectives and how you want to achieve them. I hope I can help as much as possible.
Thanks and best regards,
Jose
This process is to end up automating the process of deleting the indexes according to the 30 days policy you mentioned, here are a couple of links that can be very useful:
- Our documentation: https://documentation.wazuh.com/current/user-manual/wazuh-indexer/index-life-management.html
- This blog, although it is a bit old, it is still quite useful to understand the whole process: https://wazuh.com/blog/wazuh-index-management/
Now, I would like to understand more in depth what you are trying to automate, as I understand it is a process that should be enough to do only once. Tell me more in depth about your objectives and how you want to achieve them. I hope I can help as much as possible.
Thanks and best regards,
Jose
Jose Luis Carreras Marin
Nov 12, 2024, 5:23:14 AM11/12/24
to Wazuh | Mailing List
Hello Neha,
Best regards,
Jose
Now I understand what you were asking, sorry. For the currently created indexes, you need to apply it manually, you can filter and select all at once and apply it. For future and new indexes, precisely the ism_template field that you have used correctly, will take care of applying that policy to all the indexes that match those parameters, so you should have no problem:
"ism_template": [
{
"index_patterns": [
"wazuh-alerts-*"
],
"priority": 1
}
]
{
"index_patterns": [
"wazuh-alerts-*"
],
"priority": 1
}
]
Now all future indices created using the wazuh-alerts-4.x-* index pattern will be allocated to a hot node. After the min_index_age condition is met, the indices are moved to a warm node and all replicas removed. The removal of the replicas ensures that storage is managed on the warm node since the data will not be queried frequently.
If you encounter any problems or questions, I will be happy to help further.
Best regards,
Jose
Reply all
Reply to author
Forward
0 new messages