Removing old indices in elasticsearch

elasticsearch logstash elasticsearch-plugin
steven johns picture steven johns · Oct 30, 2015 · Viewed 45.6k times · Source

I have the many of my logs indexed in logstash-Year-Week format. That is if i want to delete indices older than a few weeks, how can I achieve that in elasticsearch. Is there an easy, seamless way to do that?

Answer

Vineeth Mohan picture Vineeth Mohan · Nov 1, 2015

Curator would be an ideal match here. You can find the link here - https://github.com/elastic/curator

A command like below should work just fine - 

curator --host <IP> delete indices --older-than 30 --prefix "twitter-" --time-unit days  --timestring '%Y-%m-%d'

You can keep in this in the CRON for removing the indices occasionally.

You can find some examples and docs here - https://www.elastic.co/guide/en/elasticsearch/client/curator/current/examples.html

Related questions

How to retrieve unique count of a field using Kibana + Elastic Search

Is it possible to query for a distinct/unique count of a field using Kibana? I am using elastic search as my backend to Kibana. If so, what is the syntax of the query? Heres a link to the Kibana …

Read More
Export to csv/excel from kibana

I am building a proof of concept using Elasticsearch Logstash and Kibana for one of my projects. I have the dashboard with the graphs working without any issue. One of the requirements for my project is the ability to download …

Read More
Redis Vs RabbitMQ as a data broker/messaging system in between Logstash and elasticsearch

We are defining an architecture to collect log information by Logstash shippers which are installed in various machines and index the data in one elasticsearch server centrally and use Kibana as the graphical layer. We need a reliable messaging system …

Read More