How to Delete Old Elasticsearch Indices Using Shell Scripts
This guide explains how to identify and remove outdated Elasticsearch indices by listing shards, filtering target indices, deleting them with a shell loop, and automating the process with a scheduled cron job, helping keep ELK performance optimal.
Step 1: List all shards on the Elasticsearch node to see existing indices:
curl -XGET 'http://192.167.X.XX:9200/_cat/shards'
Step 2: Filter the indices you want to delete (for example, those created on 2023‑08‑06) and save the names to a temporary file:
curl -XGET 'http://192.167.X.X:9200/_cat/shards' | grep "2023\.08\.06" | grep 192.167.X.XX | awk '{print $1}' | uniq > elk-index.tmp
Step 3: Delete the filtered indices using a shell loop:
for i in $(cat elk-index.tmp); do curl -XDELETE "http://192.167.X.X:9200/$i"; done
Step 4: To automate regular cleanup, add a cron job that runs a script at a chosen time (e.g., 3 AM daily):
0 3 * * * bash /home/scripts/del_elasticseatch_index.sh
The script /home/scripts/del_elasticseatch_index.sh can contain logic such as:
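#!/bin/bash
# Delete the indices dated exactly 180 days ago; run daily, this keeps about 180 days of data
curl -s -XGET 'http://192.167.X.X:9200/_cat/shards' | grep 192.167.X.X | awk '{print $1}' | grep -F "$(date -d "180 days ago" +%Y.%m.%d)" | sort -u > /tmp/index_name.tmp
for index_name in $(cat /tmp/index_name.tmp); do
    # -f makes curl exit non-zero on an HTTP error, so a failed delete is not logged as a success
    if curl -sf -XDELETE "http://192.167.X.X:9200/$index_name" > /dev/null; then
        echo "${index_name} delete success" >> /home/scripts/del_elasticseatch_index.log
    else
        echo "${index_name} delete failed" >> /home/scripts/del_elasticseatch_index.log
    fi
done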
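The script above matches only the single date 180 days back, so a missed cron run leaves that day's indices behind, and any name that reaches the loop is passed straight to DELETE. The following added example (not the article's own script) goes slightly further: it selects every index older than the cutoff and accepts only strictly validated names. ES_URL, RETENTION_DAYS, DRY_RUN and the <prefix>-YYYY.MM.DD naming are assumptions.

```shell
#!/bin/bash
# Added example, not the article's script. ES_URL, RETENTION_DAYS and DRY_RUN are
# assumed names; indices are assumed to be named <prefix>-YYYY.MM.DD.
ES_URL="${ES_URL:-http://127.0.0.1:9200}"
RETENTION_DAYS="${RETENTION_DAYS:-180}"

# Constructed _cat/shards sample (index shard prirep state docs store ip node).
SAMPLE='logstash-2023.08.05 0 p STARTED 10 1kb 10.0.0.1 node-1
logstash-2023.08.06 0 p STARTED 10 1kb 10.0.0.1 node-1
logstash-2023.08.06 0 r STARTED 10 1kb 10.0.0.2 node-2
logstash-2023.08.07 0 p STARTED 10 1kb 10.0.0.1 node-1
.kibana_1 0 p STARTED 5 1kb 10.0.0.1 node-1
logstash-* 0 p STARTED 5 1kb 10.0.0.1 node-1'

# Read _cat/shards output on stdin and print each index whose date suffix is
# strictly older than the cutoff ($1, format YYYYMMDD). Names that fail the
# strict pattern (system indices starting with ".", wildcards, "_all") are
# dropped here, so they can never reach the DELETE request.
select_expired() {
  cutoff="$1"
  awk '{print $1}' | sort -u |
    grep -E '^[a-z0-9][a-z0-9_-]*-[0-9]{4}\.[0-9]{2}\.[0-9]{2}$' |
    while read -r name; do
      stamp=$(printf '%s' "$name" | sed -E 's/.*-([0-9]{4})\.([0-9]{2})\.([0-9]{2})$/\1\2\3/')
      if [ "$stamp" -lt "$cutoff" ]; then echo "$name"; fi
    done
}

# Delete one index and report the outcome based on the HTTP status code.
delete_index() {
  code=$(curl -s -o /dev/null -w '%{http_code}' -XDELETE "$ES_URL/$1")
  if [ "$code" = "200" ]; then
    echo "$(date '+%F %T') $1 deleted"
  else
    echo "$(date '+%F %T') $1 NOT deleted (HTTP $code)" >&2
    return 1
  fi
}

# Live run only with --run; DRY_RUN defaults to 1 and just prints the candidates.
if [ "${1:-}" = "--run" ]; then
  cutoff=$(date -d "$RETENTION_DAYS days ago" +%Y%m%d)   # GNU date, as in the article
  curl -s "$ES_URL/_cat/shards" | select_expired "$cutoff" |
    while read -r idx; do
      if [ "${DRY_RUN:-1}" = "1" ]; then echo "would delete $idx"; else delete_index "$idx"; fi
    done
fi
```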
By following these steps, you can regularly prune old Elasticsearch indices, preventing performance degradation and long synchronization times during node restarts.
Practical DevOps Architecture
Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.