{"id":19398166,"url":"https://github.com/helloimalemur/elktool","last_synced_at":"2025-07-13T19:37:46.222Z","repository":{"id":225427786,"uuid":"765974597","full_name":"helloimalemur/ELKTool","owner":"helloimalemur","description":"Manage Elasticsearch Logstash Kibana (ELK) stack ILMs, Backups, and Alerting.","archived":false,"fork":false,"pushed_at":"2024-11-28T06:18:26.000Z","size":166,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-28T06:19:31.031Z","etag":null,"topics":["backup","backups","elastic-search","elastic-stack","elasticsearch","elk","elk-stack"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/helloimalemur.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-02T02:06:55.000Z","updated_at":"2024-11-19T18:05:15.000Z","dependencies_parsed_at":"2024-03-02T03:23:02.567Z","dependency_job_id":"a0be9acf-6229-4814-aa21-04d506ce2d70","html_url":"https://github.com/helloimalemur/ELKTool","commit_stats":null,"previous_names":["helloimalemur/elktool"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helloimalemur%2FELKTool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helloimalemur%2FELKTool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helloimalemur%2FELKTool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helloi
malemur%2FELKTool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/helloimalemur","download_url":"https://codeload.github.com/helloimalemur/ELKTool/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232867368,"owners_count":18588785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup","backups","elastic-search","elastic-stack","elasticsearch","elk","elk-stack"],"created_at":"2024-11-10T11:05:02.891Z","updated_at":"2025-01-07T11:12:28.439Z","avatar_url":"https://github.com/helloimalemur.png","language":"Rust","readme":"# elktool\n\n## Setup\nextracts and builds within ```/var/lib/elktool/``` \\\ncreates systemd service ```elktool```\n\n## install manually\n```shell\nbash -e install.sh\n```\n\n## About\n#### Manage Elastic Index lifetimes without the complexity\n    Simply set a maximum lifetime.\n    The Tool closes and deletes indices matching policies in the ```Policy.toml``` file.\n\n### Create backups\n    Tool will create a daily elastic \"snapshot\" to the configured default snapshot repository.\n\n### Alert index\n    Create Rules in Kibana to create an index named \"alert-index\"\n    The Tool checks for an index named \"alert-index\" containing alert information.\n    An alert summary is then sent to the configured Discord webhook and email recipients.\n\n##### Alert index connector format\n```shell\n{\n\"title\": \"{{context.title}}\",\n\"content\": \"{{context.message}}\"\n}\n```\n## Alert index for pagerduty\n```shell\n{\n  \"title\": \"{{context.title}}\",\n  
\"content\": \"::PAGERDUTY::{{context.message}}\"\n}\n```\n\n### ```Settings.toml```\nEnable or disable backups via ```backups_enabled=\"true\"``` \\\nSpecify remote backup vs local backup via ```remote_copy_enabled=\"false\"``` \\\n\n[//]: # (Specify threshold for snapshot ```snapshot_inverval_days=\"30\"```)\nSpecify threshold for backup ```backup_inverval_days=\"34\"``` # longer than snapshot recommended\nSpecify loop delay via ```delay=\"43200\"```\nSpecify whether to run Lifetime Management and Backup procedure on start ```run_lm_on_start=\"false\"```\nSpecify whether to enable alerting ```alerting_enabled=\"true\"```\n\n### config/Settings.toml\n```toml\ndelay=\"43200\" # delay on loop\n# elastic url and credentials\nelastic_url=\"https://yourelkinstance:9200\"\nelastic_user=\"\"\nelastic_pass=\"\"\nrun_lm_on_start=\"true\"\nalerting_enabled=\"true\"\n# discord server webook\ndiscord_webhook_url=\"\"\n# snapshot settings\nsnapshot_repo_name=\"backup_snapshot_repo\" # name of elastic snapshot repo - DO NOT CHANGE\nsnapshot_repo_path=\"/mnt/backup_drive/backup_snapshot_repo/\" # elastic repo path - update elasticsearch.yml\nsnapshot_last_timestamp=\"/mnt/backup_drive/last_snapshot\" # timestamp of last snapshot\nsnapshot_backup_enabled=\"true\" # enable/disable backups entirely\nsnapshot_repo_backup_drive=\"/dev/nvme3n1p1\" # Elastic drive (not the backup drive, but the drive live elastic data is stored on)\nsnapshot_min_free_space=\"1300000\" # minimum free space to initiate snapshot creation (1300000 = 1300GB)\n#####\nmax_async_search_response_size=\"20MB\"\n### SMTP settings\nsmtp_enabled = \"false\"\nsmtp_host = \"smtp-relay.gmail.com\"\nsmtp_port = \"587\"\nsmtp_require_auth = \"true\"\nsmtp_username = \"\"\nsmtp_password = \"\"\nsmtp_recipient_1 = \"\"\nsmtp_recipient_2 = \"\"\nsmtp_recipient_3 = \"\"\nsmtp_recipient_4 = \"\"\nsmtp_recipient_5 = \"\"\nsmtp_recipient_6 = \"\"\nsmtp_recipient_7 = \"\"\n```\n\n\n### config/Policy.toml\nMatches prefix for 
policy and index name for matching on indexes, delimited by '_'. \\\n```delete_``` and ```close_``` are available. \\\n```policy_index=\"days\"```\n```toml\n# HAPROXY\nclose_haproxy=\"45\"\ndelete_haproxy=\"90\"\n```\n\n### config/Transforms.toml\nParses value from source field into a new index field (currently only working for url parameters) \\\n```toml\n[[entry]]\nindex_prefix = \"haproxy-files-2024.05.*\"\nsource_field = \"message\"\ndestination_field = \"loginId\"\ntransform_type = \"url_param\"\nneedle = \"loginId=\"\ntotal_to_process = 6000\n\n[[entry]]\nindex_prefix = \"haproxy-files-TODAY\"\nsource_field = \"message\"\ndestination_field = \"funnelReferenceId\"\ntransform_type = \"url_param\"\nneedle = \"funnelReferenceId=\"\ntotal_to_process = 5000\n```\n\n\n## Development and Collaboration\n#### Feel free to open a pull request, please run the following prior to your submission please!\n    echo \"Run clippy\"; cargo clippy -- -D clippy::all\n    echo \"Format source code\"; cargo fmt -- --check\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhelloimalemur%2Felktool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhelloimalemur%2Felktool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhelloimalemur%2Felktool/lists"}