Elasticsearch index

umangpatel · February 25, 2022, 9:10am

I have to remove old data of apiman-indices in Elasticsearch which contain .pos, .cf or any other extension. So how can we remove the old indices?

sholzhauer · February 25, 2022, 9:53am

Do you mean you have to remove the documents (events) in you indices with this information?

If so, is this stored in a specific field or part of a field?

umangpatel · February 25, 2022, 10:06am

yes how can i remove this

sholzhauer · February 25, 2022, 10:07am

You should be able to do this with a delete_by_query

Could you perhaps share an example doc?

Tulsi · February 27, 2022, 4:23am

There are many ways to do it:

if you know the doc id which needs to be removed use:
DELETE /<index>/_doc/<_id>
if you have many docs to be remove then use ( which can be identified via a query) then use :

POST /my-index-000001/_delete_by_query
{
  "query": {
    "match": {
      "user.id": "elkbee"
    }
  }
}

if you want to delete the index itself then use :
DELETE /<index>

yiu can use all these apis in kibana interface .

umangpatel · February 28, 2022, 8:29am

NO no, Actually i want to remove APIMAN-METRICS in Elasticsearch which is very old and consume lot of spaces. data stored in APIMAN-METRICS is .cfs, .pos this type of form so how can i delete this type of data. it directly not shown in JSON format. How can i delete this?

Tomo_M · March 2, 2022, 4:25am

It's confusing. Isn't APIMAN-METRICS is a field of some index in your elasticsearch cluster? Why it is not shown and if it is not shown, how to specify the documents??

stephenb · March 2, 2022, 5:08am

@umangpatel

Please run these in Kibana Dev Tools and share the output

GET /

GET _cat/indices?v

Then perhaps we can help.

umangpatel · March 2, 2022, 5:21am

Sorry, but We have using oldest version of kibana. And i can't see kibana dev tools in kibana dashboards. what's next step?

stephenb · March 2, 2022, 6:18am

What version of Elasticsearch are you running?

The equivalent commands can be run using curl fro

curl http://<elasticsearch hostname>:9200/

etc that should show the version.

curl http://<elasticsearch hostname>:9200/_cat/indices/?v

umangpatel · March 2, 2022, 6:48am

We have using ES version 1.7.2

stephenb · March 2, 2022, 7:03am

That is incredibly old and EOL and assuming there's any data of value in there, you should seriously consider upgrading.

Those commands should still work.

Run the _cat indices and show us what the result is.

umangpatel · March 2, 2022, 8:22am

Pl find screenshot. Result of above command
indices

stephenb · March 2, 2022, 2:28pm

A) Do want to completely remove the entire apiman index, completely remove it?

B) Or just certain documents from inside the apiman index an leave the rest of the documents?

umangpatel · March 3, 2022, 4:35am

No no, I want to remove just 6 months old documents inside apiman index. Not remove entire apiman index.

umangpatel · March 4, 2022, 4:48am

Any Update on this..

stephenb · March 4, 2022, 5:20am

You will need to get the index back to green then use delete_by_query as suggested above... Only way to do what you want.

umangpatel · March 4, 2022, 5:32am

How to get the index back to green?

stephenb · March 4, 2022, 6:43am

Good question...

Run

This

And this

And show The full output in text not a screenshot and perhaps we can help.

umangpatel · March 4, 2022, 6:56am

OK, I will check and send a results to you