问题
I am new to elasticsearch and I want to delete documents in my elasticsearch index which are older than 10 days. I want to keep only last 10 days of data.So is there any way to delete last 11nth day index automatically. What I have tried..
DELETE logstash-*/_query
{
"query": {
"range": {
"@timestamp": {
"lte": "now-10d"
}
}
}
}
Error I'm getting while running on kibana dev tools
{
"error": "Incorrect HTTP method for uri [/logstash-*/_query?pretty] and method [DELETE],
allowed: [POST]",
"status": 405
}
Please help to resolve this issues.
回答1:
You need to leverage the Delete by Query Endpoint, like this:
use POST use this endpoint
| |
V V
POST logstash-*/_delete_by_query
{
"query": {
"range": {
"@timestamp": {
"lte": "now-10d"
}
}
}
}
^
|
the query part is fine !!
回答2:
I am describe diffent approach, then @Val have suggested. You can create 10 indexes (index per day) and each day delete one of the indexes - oldest one.
- Pros: it is very easy to delete or archive old data
- Cons: you need to rewrite your queries if you need to search all days data.
来源:https://stackoverflow.com/questions/57974917/delete-data-older-than-10-days-in-elasticsearch