Elasticsearch docs purging

Ron_ITS · February 17, 2020, 4:47pm

Hi,

Is there a ES function that can replace the epoch time? Currently we purge the doc according to ttl for past 35 days. is there a better way to handle it?

{"size":0,
"query": {
"bool": {
"must": [
{
"exists" : {
"field" : "hubtimestamp"
}
},
{
"script": {
"script": {
"lang": "expression",
"source": "((doc["ttl_i"].value ==0 ? 35 :doc["ttl_i"].value) 2460601000)+ doc["hubtimestamp"].value <=datenow",
"params": {
"datenow": {$EPOCH_TIME} <<<<==== need ES function to populate the value.
}
}
}
}
]
}
}
}

spinscale · February 18, 2020, 10:11am

Hey,

From the outside it seems to me as if you are trying to solve the wrong problem. How about having time-based indices (weekly, daily, whatever), which will allow you to simply delete a whole index after 35 days. This is much easier and much cheaper to do, than trying to delete documents based on a query.

If you have per document TTLs you could index those documents based on their TTL and basically do the same.

If this is not an option, why not add a fixed TTL timestamp on index time, so that deletion becomes easier by just specifying a date range, this way you would not need a script?

--Alex

system · March 17, 2020, 10:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
We want to automatically delete some document with different expiration dates Elasticsearch	8	595	August 27, 2020
TTL Value for Documents Under the Indices Elasticsearch	9	1379	November 15, 2023
Ttl is enabled but it is not deleting document Elasticsearch	6	1270	July 5, 2017
Prevent Elasticsearch from purging documents based on ttl Elasticsearch	4	768	August 18, 2017
TTL Documents Elasticsearch	9	5360	February 4, 2019

Elasticsearch docs purging

Related topics