Elasticsearch docs purging

Ron_ITS · February 17, 2020, 4:47pm

Hi,

Is there a ES function that can replace the epoch time? Currently we purge the doc according to ttl for past 35 days. is there a better way to handle it?

{"size":0,
"query": {
"bool": {
"must": [
{
"exists" : {
"field" : "hubtimestamp"
}
},
{
"script": {
"script": {
"lang": "expression",
"source": "((doc["ttl_i"].value ==0 ? 35 :doc["ttl_i"].value) 2460601000)+ doc["hubtimestamp"].value <=datenow",
"params": {
"datenow": {$EPOCH_TIME} <<<<==== need ES function to populate the value.
}
}
}
}
]
}
}
}

spinscale · February 18, 2020, 10:11am

Hey,

From the outside it seems to me as if you are trying to solve the wrong problem. How about having time-based indices (weekly, daily, whatever), which will allow you to simply delete a whole index after 35 days. This is much easier and much cheaper to do, than trying to delete documents based on a query.

If you have per document TTLs you could index those documents based on their TTL and basically do the same.

If this is not an option, why not add a fixed TTL timestamp on index time, so that deletion becomes easier by just specifying a date range, this way you would not need a script?

--Alex

system · March 17, 2020, 10:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
We want to automatically delete some document with different expiration dates Elasticsearch	8	587	August 27, 2020
TTL Value for Documents Under the Indices Elasticsearch	9	1244	November 15, 2023
TTL Documents Elasticsearch	9	5347	February 4, 2019
Time based indexes and automatic deletion of created indexes Elasticsearch	4	1029	June 5, 2017
TTL not deleting documents Elasticsearch	3	670	July 5, 2017

Elasticsearch docs purging

Related Topics