What is the best procedure to delete indices?

7a6b6f · January 25, 2024, 8:34am

Hello everyone,

I have a question regarding the deletion of indices in an ELK (Elasticsearch, Logstash, Kibana) Docker-compose stack. Specifically, I would like to know the recommended procedure for deleting indices, and whether it is necessary to pause or stop the containers before executing the curl -XDELETE command.

Currently, I am using the following command to delete indices:

curl -XDELETE http://localhost:9200/logs-2023*

Questions:

1] Is this the correct approach, and should I stop or pause the containers before running this command to avoid any potential issues?

2] Then in addition, I would like to verify if the logs from 2023 will no longer appear in Kibana. Can anyone confirm this?

Any insights or best practices would be greatly appreciated.

Thank you!

Christian_Dahlqvist · January 25, 2024, 8:41am

Yes, this is the correct approach. This must be run on an active cluster, so do not stop anything. This is perfectly safe and there are no issues.

Assuming the indices contain the correct data, deleting indices will mean the data no longer is available in Elasticsearch and Kibana.

7a6b6f · February 2, 2024, 3:17pm

Thank you so much for your prompt reply, amazing !

So I tried to delete the indices, started with one to delete and it works fine, then I tried to delete from a specific month but it failed.

I had to do this step inside Kibana > DevTools:

PUT /_cluster/settings
{
    "persistent" : {
      "action.destructive_requires_name": false
    }
}

Finally, I executed the curl delete command again with logs-2023-02-* to remove the indices from February 2023 and it was working fine.

Again, thank you for you help Christian.

system · March 1, 2024, 3:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.