Hello,
How do I properly delete an index, e.g. winlogbeat-2016.06.30, on Windows ELK?
We offer a REST API [1] which is accessible from many clients.
- The simplest (in Unix) is using the CURL command-line tool which I'm sure you can find Windows-equivalents of.
- Language clients like Python, Perl, Java, Ruby etc.
- Browser-based GUIs
- General-purpose REST clients [3]
- Elasticsearch-specific UIs [4]
[1] https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices-delete-index.html
[2] https://www.elastic.co/elasticon/2015/sf/all-about-elasticsearch-language-clients
[3] https://chrome.google.com/webstore/detail/insomnia-rest-client/gmodihnfibbjdecbanmpmbmeffnmloel?hl=en
[4] https://www.elastic.co/guide/en/elasticsearch/plugins/2.3/management.html#_community_contributed_management_and_site_plugins
Thank you, link [4] is interesting, ElasticHQ looks good.
Have you looked at Elasticsearch Curator? It can delete indices based on definable criteria, as well as many other actions.
As a bonus, there is a Windows binary package available.
I looked at Curator, but it is a somewhat complicated tool for me. I will try to learn it, though; thanks for the help.
I am trying to use Curator on Windows, but I am having trouble. I'd like to delete indices, e.g. from winlogbeat-2016.07.20 to winlogbeat-2016.07.30. How can I do this?
I noticed something a little bit strange: when I delete an index with ElasticHQ and then add another machine to send events, the deleted index is re-created, although it is small. How can I permanently delete it?
If it is being recreated, it is because something is still being sent to be indexed to that index. You will simply have to re-delete it until nothing else is sending data.
As far as using Curator is concerned, try the delete_indices example as a starting place.
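The date-range deletion asked about above, done through the delete index REST API [1] instead of Curator, as an added example that is not part of the original thread. The endpoint `http://localhost:9200` and the helper names are assumptions; it defaults to a dry run and refuses wildcard or `_all` names so a typo cannot remove more than the listed days.

```python
"""Added example: delete daily winlogbeat indices in a date range via the REST API."""
import re
import urllib.error
import urllib.request
from datetime import date, timedelta

ES_URL = "http://localhost:9200"  # assumption: default local Elasticsearch endpoint
SAFE_NAME = re.compile(r"[a-z0-9][a-z0-9._-]*")  # no wildcards, commas or _all


def daily_indices(prefix, first, last):
    """Return prefix-YYYY.MM.DD for every day from first to last, inclusive."""
    if last < first:
        raise ValueError("last date is before first date")
    days = (last - first).days + 1
    return [f"{prefix}-{first + timedelta(d):%Y.%m.%d}" for d in range(days)]


def build_delete(name, base_url=ES_URL):
    """Build one DELETE request for one explicitly named index."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"refusing unsafe index name: {name!r}")
    return urllib.request.Request(f"{base_url}/{name}", method="DELETE")


def delete_range(prefix, first, last, dry_run=True, base_url=ES_URL):
    """Delete each index in the range; return (name, outcome) pairs."""
    results = []
    for name in daily_indices(prefix, first, last):
        req = build_delete(name, base_url)
        if dry_run:
            results.append((name, "would delete"))
            continue
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                results.append((name, f"HTTP {resp.status}"))
        except urllib.error.HTTPError as err:  # e.g. 404 when that day has no index
            results.append((name, f"HTTP {err.code}"))
    return results


if __name__ == "__main__":
    # Dry run over the range from the question; pass dry_run=False to delete.
    for name, outcome in delete_range("winlogbeat", date(2016, 7, 20), date(2016, 7, 30)):
        print(name, outcome)
```

As the last reply says, a deleted index comes back as soon as a shipper sends another event dated to that day, so rerun the range after the senders have stopped.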