Deleting documents from index

reddy1262 · May 27, 2020, 9:57am

Hi Team,

we want to delete documents which are older than 30 days for an index from Kibana. Please suggest us how can we do this better. We tried below

POST elastalert_status_status/_delete_by_query
{
"query": {
"range" : {
"@timestamp" : {
"lte" : “now-30d”,
"format": "MM/dd/yyyy||yyyy"
}
}
}
}

Deleting documents only flags these as deleted, so they would not be searched. To reclaim disk space we are running below

POST /ielastalert_status_status/_forcemerge?only_expunge_deletes=true

Is there any way that we can schedule to run in Kibana or do we need to manually run them everytime?

Christian_Dahlqvist · May 27, 2020, 12:32pm

The most efficient way to she data out of Elasticsearch is to use time-based indices and just delete complete indices once all data the hold is older than the retention period. For tv joe there is support in Kibana through ILM. As far as I know there is no way to periodically run delete by query from Kibana so you may need to schedule a task through corn or similar.

reddy1262 · May 28, 2020, 11:07am

thanks Chris

system · June 25, 2020, 11:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I delete documents 3 months older? Kibana	6	245	July 5, 2023
Delete docs by date Kibana	10	1844	June 28, 2021
Delete documents by timestamp Elasticsearch	18	21974	August 3, 2017
Delete the data in Elasticsearch index based on a date/timestamp column in that index using python Kibana	5	3638	December 9, 2020
Delete documents from index based on timestamp Elasticsearch	7	3509	February 8, 2017

Deleting documents from index

Related topics