Have just finished the proof of concept (and learning) stage of ELK 7.12.1 installation.
At the moment we are using a relatively simple filebeat->logstash->elasticsearch->kibana set up.
During that process, I made some errors in my logstash config files which means our first, default, index, has not only imported things in ways that I don't want, but unforced errors on my part means some very weird entries filled with unicode have crept into that index.
There isn't much data - less than 10GB.
Now that I have a logstash pipeline that I am happy with - and can see working as I want - I'd like to reimport all the original data. I've looked at reindexing, but the mistakes I made seem to have made some horror errors and given how small the data set is, I'd like to reimport.
What's the best method for doing this? I can't see anything specific about the reimporting of data.
I presume one method would be to nuke the initial index and restart all filebeat clients but I was wondering if there was something less dramatic?