Manually delete old logs/indices in ELK 7.3.0

Please, how do I delete old logs/indices in ELK 7.3?

Before, I used to use

curl -GET http://localhost:9200/_cat/indices

to see old indices and delete them manually using

curl -XDELETE http://localhost:9200/logstash-2020.01.*

But now, when I use

curl -GET http://localhost:9200/_cat/indices

I get one big row of data (total size 120G) like this one

yellow open logstash 4KcX1ncGRgSwIL9Ow0yE_g 1 1 113013399 0 120.6gb 120.6gb

Any idea how to delete old logs manually, please, like before?

So you have only one index now?
Instead of using daily indices? That's it?

If you want to remove ALL logs, run

DELETE logstash

It will remove the entire index.
If you want to delete data within this index, you probably have to use delete by query API.
But if you end up removing a lot of data, like 50% of the data, it could be better to reindex the old data into a new index instead, then drop the old index as I mentioned above.
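
The two options from the reply above (delete by query, or reindex and then drop the old index), as an added example that is not part of the original thread. It assumes the events carry Logstash's `@timestamp` field; the destination index name `logstash-kept` used below is hypothetical, and the script only prints the curl commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. Prints the curl commands by default; set DRY_RUN=0 to run them.
ES="${ES:-http://localhost:9200}"   # endpoint used in the thread
INDEX="${INDEX:-logstash}"          # the single big index from the thread
DRY_RUN="${DRY_RUN:-1}"

# Reject anything that is not YYYY-MM-DD before it is placed in a JSON body.
valid_date() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    *) echo "cutoff must be YYYY-MM-DD" >&2; return 2 ;;
  esac
}

# Query matching documents older than the cutoff (assumes @timestamp).
older_than_query() {
  printf '{"query":{"range":{"@timestamp":{"lt":"%s"}}}}' "$1"
}

# Reindex body copying only documents at or after the cutoff.
# $1 = cutoff, $2 = new index name (hypothetical, chosen by the operator)
reindex_body() {
  printf '{"source":{"index":"%s","query":{"range":{"@timestamp":{"gte":"%s"}}}},"dest":{"index":"%s"}}' "$INDEX" "$1" "$2"
}

# $1 = HTTP method, $2 = path, $3 = optional JSON body
es() {
  if [ "$DRY_RUN" = 1 ]; then
    if [ -n "${3:-}" ]; then
      printf "curl -sf -X%s '%s/%s' -H 'Content-Type: application/json' -d '%s'\n" "$1" "$ES" "$2" "$3"
    else
      printf "curl -sf -X%s '%s/%s'\n" "$1" "$ES" "$2"
    fi
  elif [ -n "${3:-}" ]; then
    curl -sf -X"$1" "$ES/$2" -H 'Content-Type: application/json' -d "$3"
  else
    curl -sf -X"$1" "$ES/$2"
  fi
}

# Option A: delete old documents in place with the delete by query API.
delete_old() {
  valid_date "$1" || return 2
  es POST "$INDEX/_delete_by_query?conflicts=proceed" "$(older_than_query "$1")"
}

# Option B: reindex what is kept, print the new index's document count, then
# drop the old index. Each step runs only if the previous one returned success.
reindex_and_drop() {
  valid_date "$1" || return 2
  es POST "_reindex" "$(reindex_body "$1" "$2")" &&
    es GET "$2/_count" &&
    es DELETE "$INDEX"
}
```

Run `delete_old 2020-02-01` or `reindex_and_drop 2020-02-01 logstash-kept` in dry-run mode first and execute the printed commands one at a time: a reindex can return HTTP 200 with entries in its `failures` array, so read the response and compare the count before issuing the DELETE.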

Hello David,
Thanks a lot for your kind reply.
First, how do I reindex old data?
Or how do I configure my ELK to maintain daily indices as before?
Best regards,

You use the reindex API.

For logstash, you probably changed the elasticsearch output default configuration. Check it.

Hi dadoonet,
Please, I may delete the current big log file, no problem.
But in the future, how can I rotate these indices as before (every day)?
And what do you mean by "elasticsearch output default configuration"? How can I find such settings?

You said you have logstash.
Share the logstash pipeline file. I believe it's named logstash.conf or something like that.

It's often stored in the logstash directory.
If you still don't know where it is, tell me exactly how you start logstash.
