Delete_by_query increases the storage size

Billz1026 · May 24, 2021, 9:50am

Hi All,

I have used following "delete_by_query" to delete large number of documents from an index of my ES.

POST /winlogbeat-7.12.0-2021.05.20-000029/_delete_by_query
{
  "query": {
    "match": {
      "event.code": "5157"
    }
  }
}

The first thing I noticed is, the delete operation is taking long time to delete the documents.

Apart from that I have noticed, the size of the index is increasing though the document count reduces.
The intention of the delete operation was to free the storage by removing less important logs.
Can someone please let me know why this is happening and guide me to free the space correctly.

Thanks
Billz1026

Christian_Dahlqvist · May 24, 2021, 10:05am

Elasticsearch shards use immutable segments for storing data so when you delete a document you create a tombstone record, but the documents are not physically deleted until the underlying segments are merged.

Billz1026 · May 24, 2021, 10:16am

Hi Christian,

Thanks for the reply. after bit reading I found that I have to run "forcemerge" to free the space. Can you please let me know whether I am in the correct path?

BR,
Billz1026

Christian_Dahlqvist · May 24, 2021, 10:21am

Yes that is correct.

Billz1026 · May 24, 2021, 10:22am

Thanks Christian

system · June 21, 2021, 10:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Free disk space monitoring after deleting records Elasticsearch	6	19053	September 27, 2018
Delete document from elasticsearch Elasticsearch	4	319	February 9, 2021
_delete_by_queryで空いたストレージを利用したい日本語による質問・議論はこちら	3	1201	November 16, 2020
Disk space, delete-by-query, forcemerge Elasticsearch	6	2571	October 2, 2018
Elasticsearch "delete by query" not released disk space Elasticsearch	4	993	June 15, 2023

Delete_by_query increases the storage size

Related Topics