Hi All,
I'm creating indexes base on the current day in elasticsearch using logstash.
But i'm having a problem now deleting a specific log entry because i don't know the index name(i don't know when he was created).
can i delete log entry with logstash without knowing the index name?
Deleting a document by _id in Elasticsearch requires 3 components, each necessary:
- Index name
- Type
- The document _id
If you are lacking one of those, you cannot delete by id. Think of it like pinpointing a mailbox at an apartment building: The zip code is the index name, the address is the type, and the mailbox number is the document id. In theory, there _could be two buildings in the same zip code with the same mailbox number but have different addresses. Likewise you could have two identical addresses in two different zip codes, so there would be a collision there, too. All 3 are necessary to delete by _id, or Elasticsearch will reject it.
A potential work-around would be to query for a given document id in Elasticsearch, and using the results, populate the index name, type, and _id.