Unable to filter older indices

pbmamatha · September 19, 2023, 12:16pm

Hello,

I am tasked to create an alert for indices older than 3 days, however, the filter query is not working. Could you please help me identify the issue.

Have tried the below queries:


1. GET /_search
{
    "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "lt": "now-3d"
                            //"l": "now"
                        }
                    }
                }
            ]
        }
    }
 
}

2. GET /_cat/indices?v&filter_path=creation.date:<now-3d&h=uuid,creation.date.string&s=creation.date:desc

3. GET _cat/indices?v&s=index&h=uuid,creation.date | awk '$2 < "now-3d" {print $1}'

Please help!

system · October 17, 2023, 12:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query help request Elasticsearch	2	466	May 19, 2017
_cat/indices question Elasticsearch	4	394	September 6, 2019
Elastic searh Query problem Elasticsearch	2	345	November 13, 2019
DSL query for indices not receiving any documents for the past 5 mins Elasticsearch	1	370	December 29, 2021
Old indices wont delete Elasticsearch	2	1513	March 27, 2018

Unable to filter older indices

Related topics