I have set up an ELK stack to collect logs at a central server. It is working perfectly. But by default it is holding Elasticsearch index/data permanently. We just want to maintain the data for 30 days. Can anyone please point me to how to delete indexes/data older than 30 days from the Elasticsearch DB? Elasticsearch version is 2.3.3.
1 Answer
There are two easy ways to do this; both require setting up a scheduled task.
If you are using time series index names you can do something like
```
curl -XDELETE 'http://es-host:9200/index-yyyy.mm*'
```
If you're not using dates in your index names you will want to use Elasticsearch Curator.

mpromonet

TheFiddlerWins
- Curator is **designed** for this function, and works pretty well. – sysadmin1138 Oct 21 '17 at 02:36
- @TheFiddlerWins Thanks. Step one works for me. I have written a script with the commands `/usr/bin/curl -XPOST "http://127.0.0.1:9200/index_name/_close"` and `/usr/bin/curl -XDELETE "http://127.0.0.1:9200/index_name"`. – Sunil Bhoi Apr 26 '18 at 14:07
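
A scheduled-task sketch of the first approach in the answer, added here as an example and not written by anyone in the thread: it lists indices, keeps only names that exactly match `<prefix>-YYYY.MM.DD`, and deletes each expired index by its full name rather than by wildcard. The daily naming scheme, the `logstash` prefix, the endpoint, the `--dry-run`/`--apply` switches and GNU `date` are assumptions.

```shell
#!/bin/sh
# Added example: retention for daily indices named <prefix>-YYYY.MM.DD (assumed naming).
ES_URL="${ES_URL:-http://127.0.0.1:9200}"   # assumed endpoint
PREFIX="${PREFIX:-logstash}"                # assumed index prefix
RETENTION_DAYS="${RETENTION_DAYS:-30}"

# Reads index names on stdin, prints those whose date suffix is strictly older
# than the cutoff. $1 = prefix, $2 = cutoff as YYYY.MM.DD.
# The body is a subshell so its variables do not leak into the caller.
expired_indices() (
  prefix=$1
  cutoff=$(printf '%s' "$2" | tr -d '.')
  while read -r name rest || [ -n "$name" ]; do
    case "$name" in
      "$prefix"-[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]) ;;
      *) continue ;;   # other indices, wildcards, odd suffixes: never touched
    esac
    # 2024.02.14 -> 20240214, so the comparison is a plain integer test
    day=$(printf '%s' "${name#"$prefix"-}" | tr -d '.')
    if [ "$day" -lt "$cutoff" ]; then
      printf '%s\n' "$name"
    fi
  done
)

main() {
  # Daily index names are assumed to use UTC dates; -d "N days ago" is GNU date syntax.
  cutoff=$(date -u -d "$RETENTION_DAYS days ago" +%Y.%m.%d)
  # If the listing fails, the filter gets no input and nothing is deleted.
  curl -sS "$ES_URL/_cat/indices?h=index" |
    expired_indices "$PREFIX" "$cutoff" |
    while read -r idx; do
      if [ "$1" = "--apply" ]; then
        curl -sS -XDELETE "$ES_URL/$idx" && echo " deleted $idx"
      else
        echo "would delete $idx"
      fi
    done
}

case "${1:-}" in
  --apply|--dry-run) main "$1" ;;
  *) echo "usage: $0 --dry-run | --apply" >&2 ;;
esac
```

Run it with `--dry-run` from the scheduler first and review the list before switching the job to `--apply`.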