Auto delete elasticsearch data older than 30 days

Question

I have setup a ELK stack to collect logs at central server. It is working perfectly. But by default it is holding elasticsearch index/data permanently. We just want to maintain the data for 30Days. Please anyone point me how to delete indexs/data older than 30 days from elasticsearch DB. Elasticsearch version is 2.3.3.

score 4 · Answer 1 · edited Jun 13 '19 at 13:14

4

There are two easy ways to do this, both require setting up a scheduled task.

If you are using time series index names you can do something like
```
curl -DELETE http://es-host:9200/index-yyyy.mm*
```
If you're not using dates in your index names you will want to use Elasticsearch Curator

edited Jun 13 '19 at 13:14

mpromonet

124
1
12

answered Oct 20 '17 at 13:45

TheFiddlerWins

2,973
1
14
22

Curator is **designed** for this function, and works pretty well. – sysadmin1138 Oct 21 '17 at 02:36
@TheFiddlerWins thanks. step one work for me. I have written a script with command. /usr/bin/curl -XPOST "http://127.0.0.1:9200/index_name/_close" /usr/bin/curl -XDELETE "http://127.0.0.1:9200/index_name" – Sunil Bhoi Apr 26 '18 at 14:07

Auto delete elasticsearch data older than 30 days

1 Answers1