Elastic search Delete API

Mohana01 · June 8, 2018, 11:52am

I am working on ELK development Project.
When i try to delete the index am getting {acknowledged:true}
But after sometime the deleted index is getting created automatically.
Really not sure what is the cause of the problem.
Am following default settings (Primary shards : 5; replica: 1)
Thanks in advance.

Magnus_Kessler · June 8, 2018, 3:48pm

Do you have other systems that write into the Elasticsearch cluster? When a document is written to a non-existing / deleted index, the index gets automatically created.

Mohana01 · June 11, 2018, 4:47am

Logs are written from file beat only.
For ex If we have index abc_15_03_2018 ,abc_16_03_2018 .abc_17_03_2018
we are trying to delete the index abc_15_03_2018 .

Mohana01 · June 12, 2018, 11:13am

Hi
Any solution for this issue.
Bcz as we are in production deleted index is keep on creating.
what we thought is it might be bcz of replica 1 .But no luck even after making replica as 0 and created new index but still deleted index is coming back

Magnus_Kessler · June 14, 2018, 5:19pm

When an index is deleted in Elasticsearch, it does not simply re-appear unless new data is written into it. Replicas shards get deleted together with the primary shards.

Please check if the data you're sending contains timestamps from e.g. 2018-03-15, that would therefore be written to an index containing this date in the index pattern. Filebeat will use the timestamps to determine the index name.

Mohana01 · June 19, 2018, 12:28pm

We tried even deleting the index folder from the data path also . After some time index is coming back again.
When we try deleting the logs which are from (Fluentd --> Kafka --> Logstash ---> ES ) Those index are not creating any issue .
as we dont have access to stop filebeat , we tried stopping Logstash instance and deleted the indices. Still Indices are recreated.
We are running ELK stack as docker images

theuntergeek · June 19, 2018, 1:31pm

What @Magnus_Kessler said is true. Logstash doesn't create indices. It sends a document through to Elasticsearch with the bulk API instruction of, "Add this document to the index named blahblah", and Elasticsearch will create the index if it doesn't exist. The same is true of all of the Beats. If an index is being created, documents are being fed to it from somewhere.

system · July 17, 2018, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.