Auto Delete index log ElasticSearch by period

Question

How can i configure ElasticSearch to delete logs passed 1 month, or if there is no sush conf, how can i call api delete for this purpose from java

Thank you

Answer 1

This is the sample index with 2 documents.

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "sample",
        "_type" : "_doc",
        "_id" : "1",
        "_score" : 1.0,
        "_source" : {
          "created" : "06/18/2021"
        }
      },
      {
        "_index" : "sample",
        "_type" : "_doc",
        "_id" : "2",
        "_score" : 1.0,
        "_source" : {
          "created" : "06/17/2021"
        }
      }
    ]
  }
}

Now you can use delete by query

POST /sample/_delete_by_query

{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "created": {
              "lte": "now-30d/d",
              "format": "MM/dd/yyyy"
            }
          }
        }
      ]
    }
  }
}

Output:

{
  "took" : 8,
  "timed_out" : false,
  "total" : 2,
  "deleted" : 2,
  "batches" : 1,
  "version_conflicts" : 0,
  "noops" : 0,
  "retries" : {
    "bulk" : 0,
    "search" : 0
  },
  "throttled_millis" : 0,
  "requests_per_second" : -1.0,
  "throttled_until_millis" : 0,
  "failures" : [ ]
}

You will see Total: 2 and Deleted: 2 Hope this helps @java_dev

Answer 2

Have you tried using the Delete by query API?

This post also discusses how to go about doing so for 10 days. You could try it with 30 days instead.

Reading over these, you should get an idea of what to do. I do not know the exact answer but I hope this at least helps.