My client enabled Entreprise Search a while ago, to test it / play with it, but never got far. A couple of month later there is 120 .ent-search indices sitting empty on the production cluster.
So of course I went to the Elastic Cloud console, and "revoked" the Entreprise Search add-on. But that does not clean the indices it created.
I wonder if that could be a feature: when you ask to remove Entreprise Search, also have the option to clean the data / index created!
120 indices means 240 shards, that's a lot to me even if they are empty.
All Enterprise Search indices will start with .ent-search. You can use the Delete index API | Elasticsearch Guide [8.2] | Elastic to delete these indices. I would also suggest using a wildcard if you can update your cluster settings.
By default, this parameter does not support wildcards ( * ) or _all . To use wildcards or _all , set the action.destructive_requires_name cluster setting to false .
And it's the same with all kinds of other features such as APM.
I'm seeing questions regularly about how to delete unused indices that were created by the Elastic stack and just sit there (doing nothing?) eating up shards. I have about 20-30 indices on our cluster that we created ourselves and in total 200 indices with 400 shards. With an 8GB heap memory it is adviced to limit to 160 shards.
The overhead from the Elastic stack itself seems to be huge. How can we manage that?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.