Reputation: 27
elasticsearch ttl force delete old messages
Im set TTL as in manual, but elasticsearch documentation said that messages older then TTL time will be not affected, how can i force deletion of older messages?
Or maybe exists some method to delete messages older then 30 days?
Upvotes: 1
Views: 2704
Answers (1)
Reputation: 18895
Following from our comment back-and-forth:
I can't access that doc since it's local to your computer. But from the info is seems you're referring to a default of 30 days, probably set by graylog2 (I'm sure it isn't set By Elasticsearch).
But to answer your question: if you've got a timestamp field on your documents do a delete-by-query on that timestamp (select all docs older than 30 days and delete). http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/docs-delete-by-query.html.
To be save, be sure to do a fetch first on the same query instead of a delete to see if you've actually formulated the query correctly.
If you don't have a timestamp on your documents, I'm really not sure how to do this. Still I like to see evidence/docs that Elasticsearch doesn't delete these according to the TTL.
Upvotes: 2
Related Questions
- ELK - Removing old logs viewable in Kibana
- Removing old indices in elasticsearch
- Delete old documents from Elastic Search using logstash
- How to manually purge data from Graylog 2.1
- Deleting old entries in Elasticsearch
- How to continuously delete old fluentd logs from elasticsearch?
- Delete a specific log message from Graylog
- disable _ttl for old documents
- Elasticsearch - Remove old source in GrayLog2
- Delete old elasticsearch logs from a specific type