vopsec
April 30, 2018, 9:51pm
1
I've successfully used a delete_by_query query on an index I'm trying to clear but Kibana is still showing the data and I can continue to interact with it.
I've tried doing an only_expunge_deletes query:
curl -u elastic:<xxxxxx> -H'Content-Type: application/json' -XPOST 'localhost:9200/_forcemerge?only_expunge_deletes=true'
but that didn't clear the data from Kibana either.
Does anyone have any recommendations or ideas about how to get the data off of the server entirely and have Kibana reflect this?
Thank you in advance!
rashmi
May 1, 2018, 12:58am
2
If you don't care about all the data in Elasticsearch, then you can delete everything:
curl -XDELETE ELASTICSEARCHIP:9200/* will delete EVERYTHING.
Cheers
vopsec
May 1, 2018, 9:19pm
3
I tried that before. I'd like to keep the indexes and the mappings so I don't want to delete everything entirely. Thanks for the idea though!
rashmi
May 1, 2018, 11:53pm
4
hmm, may be you are having lots of documents and its taking time? it's a lot of docs, maybe it's processing in the background can you try ?refresh=wait_forhttps://www.elastic.co/guide/en/elasticsearch/reference/current/docs-refresh.html
Cheers
vopsec
May 3, 2018, 10:59am
5
It has been several days and the data still exists in the Kibana GUI. Hmm...
system
May 31, 2018, 10:59am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
