Hi community,
is it safe to remove the indicies .internal.alerts-observability.logs.alerts-default-<id> or .internal.alerts-observability.metrics.alerts-default-<id> to clear out old alerts?
I want to start from scratch. I checked these are not write indexes.
If not, what is the best approach to clear out alerts?
i think Observability “Alerts as Data” data streams system/stored indexes. Kibana/Observability manages these. Deleting individual documents/indexes from these indexes may cause alerts to reappear when they are recreated or references to be broken.
@dot-mike As long as you have confirmed these are not current write indices and the data is no longer necessary for observability or monitoring purposes. Deleting non-write indices will not impact active alerting. Also good to back up any important data before removal.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.