esclean: add --older-than flag

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-07 13:16:11 +01:00 · 2020-02-07 13:16:11 +01:00 · ab457106a6
parent acfd3ec3f1
commit ab457106a6
1 changed files with 7 additions and 0 deletions
--- a/elasticsearch/esclean.py
+++ b/elasticsearch/esclean.py
@ -24,6 +24,8 @@ def parse_opts():
                      help='Fleet to query for.')
    parser.add_option('-s', '--severity',
                      help='Log severity/level.')
+    parser.add_option('-o', '--older-than',
+                      help='How old the logs should be, in days.')
    parser.add_option('-d', '--delete', action='store_true',
                      help='Delete matching documents.')
    parser.add_option('-q', '--query', type='int', default=0,
@ -66,6 +68,11 @@ def main():
        queries.append({'term': {'severity_name': opts.severity}})
    if opts.message:
        queries.append({'match_phrase':{'message': opts.message}})
+    if opts.older_than:
+        queries.append({'range':{ '@timestamp': {
+            'lt': 'now-{}d'.format(opts.older_than),
+            'format': 'basic_date_time',
+        }}})

    body = None
    if len(queries) > 0: