参考
reindex
from elasticsearch import Elasticsearch, helpers

# Cluster endpoints and connection settings used by every request below.
host = ['es_host1', 'es_host2', 'es_host3']
port = 9200
timeout = 600  # passed to the client as its request timeout

# The literal password here is a sample value. In a real job keep the secret
# out of the script (environment variable or secret store) so it does not end
# up in version control or shell history.
# `elastic` is the built-in superuser; a reindex only needs an account that
# can read the source indices and write the target ones.
auth_user = 'elastic'
auth_password = 'hello world'

# TLS is enabled and the server certificate is verified against this CA file.
use_ssl = True
ca_certs = '/opt/certs/ca/ca.crt'

es = Elasticsearch(
    host,
    port=port,
    http_auth=(auth_user, auth_password),
    use_ssl=use_ssl,
    verify_certs=True,
    ca_certs=ca_certs,
    timeout=timeout,
)
按照指定日期重建索引
import datetime
import time

# Build the list of daily index suffixes to rebuild: ten days ago through
# yesterday, inclusive, formatted as YYYY.MM.DD.
# NOTE(review): now() is local time; if the daily indices are named by UTC
# date, the window can be off by one day near midnight. Confirm against the
# index names in the cluster.
one_day = datetime.timedelta(days=1)
midnight = dict(hour=0, minute=0, second=0, microsecond=0)

# Truncate both bounds to midnight so the comparison below is date-only.
begin_date = (datetime.datetime.now() - datetime.timedelta(days=10)).replace(**midnight)
end_date = (datetime.datetime.now() - one_day).replace(**midnight)

date_list = []
while begin_date <= end_date:
    date_list.append(begin_date.strftime("%Y.%m.%d"))
    begin_date += one_day
| date_list ['2020.03.19', '2020.03.20', '2020.03.21', '2020.03.22', '2020.03.23', '2020.03.24', '2020.03.25', '2020.03.26', '2020.03.27', '2020.03.28']
# Copy each day's Wazuh alert index into the matching SIEM index.
# helpers.reindex moves documents only; it does not carry over mappings or
# settings, so the target indices should already be covered by an index
# template. Compare document counts between source and target before
# retiring any source index, since these are alert records.
chunk_size = 10000  # batch size handed to helpers.reindex

for day in date_list:
    source_index, target_index = 'wazuh-alerts-3.x-' + day, 'siem-alerts-' + day
    # Source and target live on the same cluster, so the same client is used
    # for both sides.
    helpers.reindex(
        client=es,
        target_client=es,
        source_index=source_index,
        target_index=target_index,
        chunk_size=chunk_size,
    )
    print(source_index + ' -> ' + target_index + ' fin.')