Yes, I am still running 0.90. Sorry, but I find the interaction via curl
with complex json to be be awkward; I lost a lot of time experimenting
with possible syntax by cutting and pasting trials, only to find that
linefeeds and tabs in my formatted text were causing it to fail.
I will upgrade to 1.0 ASAP and attempt to recreate my indices with ttl
set. I have to investigate how to create the time-based indices, since I
used Kibana to create what I have, and the Java api for everything else.
Unfortunately I will lose several months data, but I can live with this.
Just for the sake of my sanity, can you tell me what is the correct
-XDELETE command format for my example under 0.90?
I tried to remove the query wrapper with:
curl -XDELETE 'http://192.168.4.73:9200/iron/email/_query' -d
'{"range":{"tstamp":{"from":"2013-09-01T00:00:00","to":"2013-09-02T23:59:59"}}}'
Result:
{"ok":true,"_indices":{"iron":{"_shards":{"total":5,"successful":5,"failed":0}}}}
But nothing appears to have been removed.
Thanks for your help and patience. I will try to upgrade everything to
1.0 today and start over.
On 02/19/2014 05:44 PM, Adrien Grand wrote:
Hi,
If you manage time-based data, the most efficient way to handle deletes
would be to have time-based indices. For example if your retention
policy is to keep data for the last 6 months, you could use one index
per month and delete the index that is 7 months old every month. Since
Elasticsearch supports searching across indices with no overhead
(searching over n indices which have m shards on average is exactly the
same as searching over m indices that have n shards), you would just
have to specify the indices names for the last 6 months (or use an
alias Elasticsearch Platform — Find real-time answers at scale | Elastic).
Regarding your issue, "GET [...] /_query" is not supported and the error
message that you got is due to the fact that Elasticsearch interpreted
it as a call to the GET API (it assumes _query is the document ID and
ignores the body).
However, -XDELETE should work. I just tried to reproduce the issue
locally but did not manage to. Are you using Elasticsearch 1.0? I'm
assuming so because in Elasticsearch 0.90, you should NOT enclose the
query into a top-level "query" JSON object, so this might be the cause
of your problem if you are using Elasticsearch 0.90.
On Wed, Feb 19, 2014 at 7:23 PM, Terry Healy <thealy@bnl.gov
mailto:thealy@bnl.gov> wrote:
Hello, relatively new to ES and struggling to delete old records
from an index("iron") , all of which are the same type ("email").
The idea is to purge old data that is no longer of interest. In the
examples below, I'm trying to delete all the records from Septemeber
of 2013. My use of ES is primarily via the Java API, with little
experience using curl from the command line.
The date/time field is defined like
this: "tstamp":{"type":"date","format":"dateOptionalTime"}
I have been trying to work from assorted 'delete by query' docs and
forum suggestions, but so far the result is a puzzling set of
failures. I'm sure that I'm messing something up on a very basic
level since this must be a common operation.
This works:
curl -XGET 'http://192.168.4.73:9200/iron/email/_search?pretty=true'
-d
'{"query":{"range":{"tstamp":{"from":"2013-09-01T00:00:00","to":"2013-09-30T23:59:59"}}}}'
This FAILS:
curl -XGET 'http://192.168.4.73:9200/iron/email/_query' -d
'{"query":{"range":{"tstamp":{"from":"2013-09-01T00:00:00","to":"2013-09-02T23:59:59"}}}}'
Returning: {"_index":"iron","_type":"email","_id":"_query","exists":false}
So of course the -XDELETE based on this query also fails.
Any suggestions appreciated.
--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearch+unsubscribe@googlegroups.com
<mailto:elasticsearch%2Bunsubscribe@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/087de0dd-4e88-40f9-8606-91c6b8aaada3%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Adrien Grand
--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/Xl6U_HHf1MQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j7R%2BDkgSkb6RG-gp4NagKOWjnepZ4TYx%3Dz%2Bq8ovLDbynw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/53060E0F.2060308%40bnl.gov.
For more options, visit https://groups.google.com/groups/opt_out.