Filter Methods

Sections

Regex

build_filter

api.build_filter(kindOf=None, time_unit=None, timestring=None, groupname='date', value=None)

Return a filter object based on the arguments.

Parameters:
  • kindOf – Can be one of: [older_than|newer_than|suffix|prefix|regex|timestring|exclude]. This option defines what kind of filter you will be building.
  • groupname – The name of a named capture in pattern. Currently only acts on ‘date’
  • timestring – An strftime string to match the datestamp in an index name. Only used for time-based filtering.
  • time_unit – One of hours, days, weeks, months. (default: days). Only used for time-based filtering.
  • value – Depends on kindOf. It’s a time-unit multiplier for older_than and newer_than. It is the strftime string if kindOf is timestring. It’s used to build the regular expression for other kinds.

apply_filter

api.apply_filter(items, pattern=None, exclude=False, groupname=None, timestring=None, time_unit=None, method=None, value=None, utc_now=None)

Iterate over all items in the list and return a list of matches

Parameters:
  • items – A list of indices or snapshots to act on
  • pattern – A regular expression to iterate all indices against.
  • exclude – If True, exclude matches rather than include
  • groupname – The name of a named capture in pattern. Currently only acts on ‘date’
  • timestring – An strftime string to match the datestamp in an index name. Only used for time-based filtering.
  • time_unit – One of hours, days, weeks, months. (default: days). Only used for time-based filtering.
  • method – Either older_than or newer_than. Only used for time-based filtering.
  • valuetime_unit multiplier used to calculate time window. Only used for time-based filtering.
  • utc_now – Used for testing. Overrides current time with specified time.

get_date_regex

api.get_date_regex(timestring)

Return a regex string based on a provided strftime timestring.

Parameters:timestring – An strftime pattern
Return type:str

Date & Time

get_datetime

api.get_datetime(index_timestamp, timestring)

Return the datetime extracted from the index name, which is the index creation time.

Parameters:
  • index_timestamp – The timestamp extracted from an index name
  • timestring – An strftime pattern
Return type:

Datetime object

get_target_month

api.get_target_month(month_count, utc_now=None)

Return datetime object for number of full months older than month_count from now, or utc_now, if provided.

Parameters:
  • month_count – Number of full months
  • utc_now – Used for testing. Overrides current time with specified time.
Return type:

Datetime object

get_cutoff

api.get_cutoff(unit_count=None, time_unit='days', utc_now=None)

Find the cutoff time based on unit_count and time_unit.

Parameters:
  • unit_counttime_unit multiplier
  • time_unit – One of hours, days, weeks, months. (default: days)
  • utc_now – Used for testing. Overrides current time with specified time.
Return type:

Datetime object

timestamp_check

api.timestamp_check(timestamp, timestring=None, time_unit=None, method='older_than', value=None, utc_now=None)

Check timestamp to see if it is value * time_unit method (older_than or newer_than) the calculated cutoff.

Parameters:
  • timestamp – An strftime parsable date string.
  • timestring – An strftime string to match against timestamp.
  • time_unit – One of hours, days, weeks, months.
  • methodolder_than or newer_than.
  • valuetime_unit multiplier used to calculate time window.
  • utc_now – Used for testing. Overrides current time with specified time.
Return type:

bool

Disk Space

filter_by_space

api.filter_by_space(client, indices, disk_space=None, reverse=True)

Remove indices from the provided list of indices based on space consumed, sorted reverse-alphabetically by default. If you set reverse to False, it will be sorted alphabetically.

The default is usually what you will want. If only one kind of index is provided–for example, indices matching logstash-%Y.%m.%d–then reverse alphabetical sorting will mean the oldest get removed first, because lower numbers in the dates mean older indices.

By setting reverse to False, then index3 will be deleted before index2, which will be deleted before index1

Parameters:
  • client – The Elasticsearch client connection
  • indices – A list of indices to act on
  • disk_space – Filter indices over n gigabytes
  • reverse – The filtering direction. (default: True)
Return type:

list