Maintenance and Administration

Routine maintenance procedures and integration administration.

Log Management and Retention

Retention Policies

Configuration (extending Chapter 6):

curl -X PUT "localhost:9200/_index_template/security-template" \
  -H 'Content-Type: application/json' \
  -d '{
    "index_patterns": ["security-*"],
    "template": {
      "settings": {
        "index.lifecycle.name": "security-retention-policy",
        "index.lifecycle.rollover_alias": "security"
      }
    }
  }'

The composable template API (_index_template) takes index settings under the "template" key; a top-level "settings" key is rejected. The rollover action in the policy below also needs index.lifecycle.rollover_alias: every index created by rollover inherits it from the template, and the alias must point at exactly one index flagged as the write index. The alias name "security" is an assumption here and must match the alias the ingest pipeline writes to.

Policy Creation:

curl -X PUT "localhost:9200/_ilm/policy/security-retention-policy" \
  -H 'Content-Type: application/json' \
  -d '{
    "policy": {
      "phases": {
        "hot": {
          "min_age": "0ms",
          "actions": {
            "rollover": {
              "max_age": "30d",
              "max_size": "50gb"
            }
          }
        },
        "delete": {
          "min_age": "365d",
          "actions": {
            "delete": {}
          }
        }
      }
    }
  }'

The delete phase's min_age is measured from the moment the index rolls over, not from its creation. An index can therefore collect events for up to 30 days and is removed 365 days after it stops receiving writes, so the oldest events it holds are about 395 days old when they are deleted. If 365 days is a hard retention ceiling, lower one of the two values accordingly. Rollover does not start until an initial index exists that carries the rollover alias as its write index; ILM creates the subsequent ones.
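
The template and policy above are not enough on their own for rollover to happen: ILM needs the rollover alias and a first index that carries that alias as its write index. The script below is an added example, not code from the Energy Logserver documentation. It applies the three pieces in order and assumes a cluster reachable at localhost:9200 without authentication (override with ES), an ingest alias named security, and the same 30-day / 50 GB rollover and 365-day delete values as above; the helper max_event_age_days shows the worst-case age of an event when the delete phase fires.

```bash
#!/bin/sh
# Added example: bootstrap ILM retention for security-* indices.
# Assumptions: ES reachable without auth, ingest writes to the "security" alias.
set -eu

ES="${ES:-localhost:9200}"          # assumption: no authentication on the cluster
ALIAS="security"                    # assumption: the write alias used by ingest
POLICY="security-retention-policy"
TEMPLATE="security-template"

# $1 = rollover max_age, $2 = rollover max_size, $3 = delete min_age (counted from rollover)
ilm_policy_json() {
  printf '{"policy":{"phases":{"hot":{"min_age":"0ms","actions":{"rollover":{"max_age":"%s","max_size":"%s"}}},"delete":{"min_age":"%s","actions":{"delete":{}}}}}}' "$1" "$2" "$3"
}

# $1 = policy name, $2 = rollover alias (also used as the index pattern prefix)
# Settings sit under "template", as the composable template API requires.
index_template_json() {
  printf '{"index_patterns":["%s-*"],"template":{"settings":{"index.lifecycle.name":"%s","index.lifecycle.rollover_alias":"%s"}}}' "$2" "$1" "$2"
}

# $1 = alias; the first index is created by hand with the alias as its write index
bootstrap_index_json() {
  printf '{"aliases":{"%s":{"is_write_index":true}}}' "$1"
}

# Worst-case age (days) of an event when the delete phase fires:
# the index filled for up to max_age, then waited min_age after rollover.
max_event_age_days() {  # $1 = rollover max_age in days, $2 = delete min_age in days
  echo $(( $1 + $2 ))
}

es_put() {  # $1 = path, $2 = JSON body
  curl -sS -f -X PUT "$ES/$1" -H 'Content-Type: application/json' -d "$2"
  echo
}

apply_retention() {
  es_put "_ilm/policy/$POLICY" "$(ilm_policy_json 30d 50gb 365d)"
  es_put "_index_template/$TEMPLATE" "$(index_template_json "$POLICY" "$ALIAS")"
  # Create the initial write index only if it does not exist yet (HEAD returns 404 otherwise)
  if ! curl -s -o /dev/null -f -I "$ES/${ALIAS}-000001"; then
    es_put "${ALIAS}-000001" "$(bootstrap_index_json "$ALIAS")"
  fi
  # Confirm ILM has picked the index up and which phase it is in
  curl -sS "$ES/${ALIAS}-*/_ilm/explain?pretty"
}

# Usage: ./retention.sh apply
if [ "${1:-}" = "apply" ]; then
  apply_retention
fi
```

Run it once with the apply argument; rerunning is safe because the policy and template PUTs are idempotent and the bootstrap index is only created when missing. The _ilm/explain output at the end is the check that the index is actually managed and has not hit an error such as a missing rollover alias.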

Data Cleanup

Manual Cleanup:

curl -X DELETE "localhost:9200/old-index-*"

A wildcard DELETE removes every index the pattern matches with no confirmation, and on Elasticsearch 8.x the default action.destructive_requires_name: true rejects it outright. List the matching indices first (for example with _cat/indices/old-index-*?v) and prefer deleting by exact name. Indices managed by the retention policy above should be left to ILM rather than deleted by hand.
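
A safer way to do the cleanup, as an added example that is not part of the product documentation: select indices by their creation date from _cat/indices and delete them one at a time by exact name, with a dry run by default so no wildcard ever reaches the cluster. The ES address, the old-index-* pattern and the 365-day retention in the usage line are assumptions.

```bash
#!/bin/sh
# Added example: age-based index deletion by exact name instead of a wildcard DELETE.
# Assumptions: ES reachable without auth; _cat/indices queried with h=index,creation.date
# so each line is "<index> <creation epoch in milliseconds>".
set -eu

ES="${ES:-localhost:9200}"   # assumption: no authentication on the cluster

# Reads "index creation_date_ms" lines on stdin and prints the names created before the
# cutoff. $1 = now (epoch seconds), $2 = retention in days.
select_expired() {
  cutoff_ms=$(( ($1 - $2 * 86400) * 1000 ))
  awk -v cutoff="$cutoff_ms" 'NF == 2 && $2 + 0 < cutoff { print $1 }'
}

# List what a pattern matches, with creation dates, before touching anything.
list_indices() {  # $1 = index pattern
  curl -sS -f "$ES/_cat/indices/$1?h=index,creation.date&s=creation.date"
}

# Delete expired indices one by one, by exact name. Without "--yes" only report them.
delete_expired() {  # $1 = pattern, $2 = retention days, $3 = "--yes" to really delete
  now=$(date +%s)
  list_indices "$1" | select_expired "$now" "$2" | while read -r idx; do
    if [ "${3:-}" = "--yes" ]; then
      curl -sS -f -X DELETE "$ES/$idx" && echo " deleted $idx"
    else
      echo "would delete $idx"
    fi
  done
}

# Usage: ./cleanup.sh 'old-index-*' 365          (dry run)
#        ./cleanup.sh 'old-index-*' 365 --yes    (delete)
if [ $# -ge 2 ]; then
  delete_expired "$@"
fi
```

Because the selection works on creation.date rather than on the index name, it also catches indices whose names do not encode a date. Run the dry run first and keep its output with the change record.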

Maintenance Procedures

Regular Maintenance

Daily Tasks:

# Check cluster health (green is expected; yellow means unassigned replicas, red means missing primaries)
curl "localhost:9200/_cluster/health?pretty"

# Reclaim space held by deleted documents. This merges segments on every index, including the
# one currently being written to, so run it off-peak or target only indices that no longer receive writes.
curl -X POST "localhost:9200/_forcemerge?only_expunge_deletes=true"

# Clean old service logs (files only, so the log directory itself stays in place)
find /var/log/energy-logserver/ -type f -mtime +30 -delete

Weekly Tasks:

# Backup configuration. The archive contains credentials and TLS keys: restrict its
# permissions to the backup user and copy it off the host.
tar -czf /backup/config-$(date +%Y%m%d).tar.gz /etc/energy-logserver/

# Update system packages
yum update -y

# Restart the service only if the update replaced its packages or libraries. On a multi-node
# cluster restart one node at a time and wait for _cluster/health to return green before the next.
systemctl restart energy-logserver

Scheduled Maintenance

Automation Script:

#!/bin/bash
# maintenance.sh - run daily from cron, outside peak ingest hours
set -eu

ES="localhost:9200"

# Daily segment merge. The _optimize endpoint was removed in Elasticsearch 2.x;
# _forcemerge is its replacement and takes the same max_num_segments parameter.
curl -s -X POST "$ES/_forcemerge?max_num_segments=5"

# Check disk space on the filesystem that holds the index data (here /; adjust to the data path).
# The threshold test has to live in the shell: awk cannot call mail or use a here-string.
USAGE=$(df -P / | awk 'NR==2 {sub("%", "", $5); print $5}')
if [ "$USAGE" -gt 80 ]; then
  echo "Disk space on / is at ${USAGE}%" | mail -s "Disk Space Alert" admin@company.com
fi

# Log rotation
logrotate -f /etc/logrotate.d/energy-logserver

Alerting at 80% leaves room before Elasticsearch's default low disk watermark (85%), at which it stops allocating new shards to the node; at the high watermark (90%) it relocates shards away, and at the flood stage (95%) it marks indices on the node read-only, which stops ingestion. Note that logrotate -f forces a rotation on every run regardless of the size and age rules in the configuration; drop -f if the rules are meant to apply.
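
The script above merges every index, including the one currently receiving writes, where the merged segments are invalidated again as soon as new documents arrive. The following added example (not code from the Energy Logserver project) builds the eligible set from _cat/aliases and _cat/indices instead: it skips the current write indices, closed indices and red indices, merges the rest one at a time, and checks disk usage against a threshold set below the default low watermark. The ES address, the data filesystem in DATA_FS and the recipient address are assumptions; the parsing functions expect exactly the columns the two _cat requests select with h=.

```bash
#!/bin/sh
# Added example: targeted daily force-merge plus a disk usage check.
# Assumptions: ES reachable without auth; DATA_FS is the filesystem holding index data.
set -eu

ES="${ES:-localhost:9200}"
DATA_FS="${DATA_FS:-/}"      # assumption: mount point of the index data
ALERT_PCT=80                 # below the default low watermark of 85%
MAIL_TO="admin@company.com"  # assumption: alert recipient

# Given _cat/aliases output "alias index is_write_index" on stdin, print the current write
# indices. These must never be force-merged while they are still receiving documents.
write_indices() {
  awk 'NF >= 3 && $3 == "true" { print $2 }' | sort -u
}

# Given _cat/indices output "health status index" on stdin and a file of write-index names,
# print open, non-red indices that are not write indices.
merge_candidates() {  # $1 = file with one write-index name per line
  awk -v wfile="$1" '
    BEGIN { while ((getline line < wfile) > 0) skip[line] = 1 }
    NF >= 3 && $2 == "open" && $1 != "red" && !($3 in skip) { print $3 }'
}

# Succeeds when usage exceeds the threshold. $1 = used percent, $2 = threshold percent.
disk_over_threshold() {
  [ "$1" -gt "$2" ]
}

used_percent() {  # $1 = mount point
  df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

run_daily() {
  wf=$(mktemp)
  curl -sS -f "$ES/_cat/aliases?h=alias,index,is_write_index" | write_indices > "$wf"
  curl -sS -f "$ES/_cat/indices?h=health,status,index" | merge_candidates "$wf" | while read -r idx; do
    # only_expunge_deletes skips segments that have nothing to reclaim
    curl -sS -f -X POST "$ES/$idx/_forcemerge?only_expunge_deletes=true" > /dev/null
    echo "forcemerged $idx"
  done
  rm -f "$wf"

  pct=$(used_percent "$DATA_FS")
  if disk_over_threshold "$pct" "$ALERT_PCT"; then
    echo "Disk usage on $DATA_FS is ${pct}% (threshold ${ALERT_PCT}%)" | mail -s "Disk Space Alert" "$MAIL_TO"
  fi
}

# Usage: ./daily.sh run
if [ "${1:-}" = "run" ]; then
  run_daily
fi
```

Merging per index also keeps the request small enough that a single failure (a shard that is relocating, for instance) does not abort the whole run; with curl -f the failing index is reported and the loop moves on.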

Troubleshooting and Diagnostics

Common Issues

Service Not Starting:

journalctl -u energy-logserver -n 50

systemctl status energy-logserver -l

Query Timeouts:

The request below caps the search at one second. A response with "timed_out": true means at least one shard did not answer within the limit and the hits are partial; compare "took" with the timeout when deciding whether the limit or the cluster is the problem.

curl "localhost:9200/_search?pretty" \
  -H 'Content-Type: application/json' \
  -d '{
  "query": {
    "match_all": {}
  },
  "timeout": "1s"
}'

Diagnostic Tools

Cluster Diagnostics:

curl "localhost:9200/_nodes/stats?pretty"

curl "localhost:9200/_cat/health?v"

Performance Diagnostics:

curl "localhost:9200/_nodes/hot_threads?pretty"

Integration Administration

UEBA Administration

Monitoring UEBA:

systemctl status ueba-engine

journalctl -u ueba-engine -n 100

AI Engine Management:

curl "localhost:9200/_cat/indices/ai-*?v"

# Model health check
curl "localhost:9200/ai-models/_search" \
  -H 'Content-Type: application/json' \
  -d '{
  "query": {
    "term": {"status": "active"}
  }
}'

Network Probe Administration

Probe Status:

curl "localhost:9600/_node/stats?pretty"

systemctl status network-probe

Pipeline Management:

curl "localhost:9600/_node/stats/pipelines?pretty"

External Integration Management

API Health:

curl "localhost:9200/_cluster/health?pretty"

Webhook Testing:

# Replace the URL with the integration's endpoint. Check the HTTP status in the reply, and do not
# add -k to get past a failing certificate check: a webhook that ignores TLS errors can be redirected.
curl -X POST "https://external-system.com/webhook" \
  -H 'Content-Type: application/json' \
  -d '{
  "test": "integration"
}'