How to delete system indices?

Elastic Stack Elasticsearch
1

Hi all,
My current cluster is an upgraded cluster from version 7.x to 8.x
It has alot of system indices that nolonger require in the cluster but whenever i tried to delete it. I got this message

{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "action [indices:admin/delete] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.kibana_8.6.2_001], this action is granted by the index privileges [delete_index,manage,all]"
      }
    ],
    "type": "security_exception",
    "reason": "action [indices:admin/delete] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.kibana_8.6.2_001], this action is granted by the index privileges [delete_index,manage,all]"
  },
  "status": 403
}

Is there a way to delete the system indices?
Thanks for your help.

1 Like
2

System indices are protected against accidental deletions. I think you encounter this problem because your elastic user (superuser) does not have necessary roles.

Please check the user roles if there is explicitly defined delete_index role.

If you customized your superuser, consider using built-in user.

Or your can try another user.

3

You have to create a new role and add this to the role and add this role to a user.

"allow_restricted_indices" : 'true"

The setting is specifically set default to false so that even as the ,elastic user, you can't accidentally delete system indices.

But now be careful because you can completely destroy your cluster :slight_smile: if you delete the wrong indices

1 Like
4

OK after i set the "allow_restricted_indices" : 'true" i was able to delete the system indices
Thanks.

I only gonna delete the reporting indices since i'am nolonger using it.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.