I use curator to delete the index, and then execute the delete command(curator_cli --host 172.17.91.21 --port 9200 delete_indices --filter_list '[{"filtertype": "pattern", "kind": "timestring", " Value": "2018.06.11"}]'),
Found that the contents of the deleted index are missing, but the index is still there.
How can I delete the contents of the index and index?
Curator is really only an index selection wrapper around standard Elasticsearch API calls. If Curator attempted to delete all indices with timestring 2018.06.11, and the logs show that it was successful, but you still find the index afterward, I would look at my elasticsearch logs. I would also look at the contents of the index that persists, as it was probably re-created by new content being sent to it after the delete completed.
Once an index is deleted in elasticsearch, it's gone. If it "came back," it's because something was still sending data to it, or new data came for it afterward. For example, Logstash doesn't actually create indices. It sends data in a streaming fashion. In effect, it says, "Put this document (or event) in index named (whatever you've named your index)." Elasticsearch handles the actual indexing and creation of indices not yet existing. This is why I believe something is still streaming to Elasticsearch with a date still matching your Curator filter. Also recognize that Elasticsearch (and by extension, Curator) will treat all dates in UTC time. Depending on where you are, the UTC rollover will differ from your local time by 1 or more hours.
First of all, thank you very much for your help.
I'm very sorry that the last question may be that I didn't describe it clearly. Let me describe it again.
After using the command line mode (curator_cli delete_indices) to delete the index, and then use the command (curator_cli show_indices) to see the index is indeed no more, but in kibana, the index is still there, but only an empty, no data index,
My current situation is: After the index was deleted by the curator, the index of kibana's side was also deleted accordingly. How can this situation be achieved? Thank you!
This is the process and result of my deletion of the index
[root@FTJF-ELK-TEST curator]# curator --config curator.yml action_file.yml
2018-06-12 11:43:01,206 INFO Preparing Action ID: 1, "delete_indices"
2018-06-12 11:43:01,211 INFO Trying Action ID: 1, "delete_indices": Delete selected indices.
2018-06-12 11:43:01,275 INFO Deleting selected indices: ['ftjf-test-bgfront_logs-2018-06', 'ftjf-test-front_logs-2018-06', 'ftjf-test-customer_logs-2018-06', 'ftjf-test-app_logs-2018-06', 'ftjf-test-web_logs-2018-06', 'ftjf-test-manage_logs-2018-06', 'ftjf-test-batch_logs-2018-06', 'test-2018-06-05']
2018-06-12 11:43:01,275 INFO ---deleting index ftjf-test-bgfront_logs-2018-06
2018-06-12 11:43:01,275 INFO ---deleting index ftjf-test-front_logs-2018-06
2018-06-12 11:43:01,275 INFO ---deleting index ftjf-test-customer_logs-2018-06
2018-06-12 11:43:01,275 INFO ---deleting index ftjf-test-app_logs-2018-06
2018-06-12 11:43:01,276 INFO ---deleting index ftjf-test-web_logs-2018-06
2018-06-12 11:43:01,276 INFO ---deleting index ftjf-test-manage_logs-2018-06
2018-06-12 11:43:01,276 INFO ---deleting index ftjf-test-batch_logs-2018-06
2018-06-12 11:43:01,276 INFO ---deleting index test-2018-06-05
2018-06-12 11:43:01,668 INFO Action ID: 1, "delete_indices" completed.
2018-06-12 11:43:01,668 INFO Job completed.
This is the result of the Kibana console after I performed the delete index operation. The index still exists, but there is no data in the index.
That means the index truly is gone.
What your subsequent explanation reveals is an index_pattern in Kibana, not the index itself. The fact that it's saying "No results found" implies that there is nothing to search, not that an empty index persists.
Delete the index pattern by clicking on the gear icon in the left bar, and navigate to Kibana -> index_patterns.
thank you very much!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.