Removing From ElasticSearch by type last 7 day

Question

I have different logs in elasticsearch 2.2 separate by 'type'. How can delete all data, only one of type, older one week? thanks

Example of logs:

{
  "_index": "logstash-2016.02.23",
  "_type": "dns_ns",
  "_id": "AVMOj--RqgDl5Axva2Nt",
  "_score": 1,
  "_source": {
    "@version": "1",
    "@timestamp": "2016-02-23T14:37:07.029Z",
    "type": "dns_ns",
    "host": "11.11.11.11",
    "clientip": "22.22.22.22",
    "queryname": "api.bing.com",
    "zonetype": "Public_zones",
    "querytype": "A",
    "querytype2": "+ED",
    "dnsip": "33.33.33.33"
  },
  "fields": {
    "@timestamp": [
      1456238227029
    ]
  }
}

please provide more details... – Anoop LL Feb 23 '16 at 12:03 — Anoop LL, Feb 23 '16 at 12:03

score 0 · Accepted Answer · edited May 23 '17 at 12:07

0

See here or here on how to delete by query. In Elasticsearch 2.*, you might find the Delete by Query plugin useful.

edited May 23 '17 at 12:07

Community

1
1

answered Feb 23 '16 at 13:13

Michele Palmia

2,402
2
25
28

jhilden · Answer 2 · 2016-02-24T15:26:51.520

Deleting "types" is no longer directly supported in ES 2.x A better plan is to have rolling indexes, that way deleting indexes older than 7 days becomes very easy.

Take the example of logstash, it creates an index for every day. You can then create an alias for logstash so that it queries all indexes. And then when it comes time to delete old data you can simply remove the entire index with:

DELETE logstash-2015-12-16

Removing From ElasticSearch by type last 7 day

2 Answers2