Hi, I am currently running out of storage on my Wazuh Server Hosted server. And from the search I found "/var/lib/wazuh-indexes/* " is consuming a lot of disk space.
First Question, Will it be okay if I delete all the previous created indices?
Second Question, After deleting all the indices can I also retrieve the information that happened 180 days ago which I am able to see before deleting the indices?
Hi Suman,
Not sure about your use case. Need more details what exactly you want to achieve.
But basis on my understanding:
- Yes you can delete indices if you maintaining in time series manner. Deleting index will release the space.
- If you have delete those index which holding 180 days before data, It won't be accessible.
Thank you ashish for the assist I will make sure to leave a message here after I find any other alternatives.
When deleting data from Elasticsearch, make sure to use the Elasticsearch APIs. Never ever delete anything directly on disk.
Sure, thank you I will come back to you once I take this step as a final resort.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.