(Last Updated On: October 26, 2018)

In Elasticsearch, an index is similar to a database in the world of relational databases. It goes something like this:

MySQL => Databases => Tables => Columns/Rows
Elasticsearch => Indices => Types => Documents with Properties

An index is a logical namespace which maps to one or more primary shards and can have zero or more replica shards. Elasticsearch mapping is like a database schema and describes the fields or properties that documents of similar class should have.

When working with a huge chunk of data, your Elasticsearch indices could grow fast to deplete your local storage. This may necessitate deletion of old indices that are no longer required. In his tutorial, I’ll guide you through the process of deleting Elasticsearch Index data.

How to delete Elasticsearch Index data

First get a list of Elasticsearch indices available in your cluster using curl:

$ curl http://<node-ip|hostname>:9200/_cat/indices

The <node-ip> can be localhost, Elasticsearch Node IP address or a hostname of one of the Cluster Nodes. See example below

$ curl http://10.1.1.18:9200/_cat/indices
green open graylog_309 dJr9peVJT5Kr4_nnzinzrw 4 0 20024903 0 3.3gb 3.3gb
green open graylog_325 cD9PeVslRTSNA_PlDAPZng 4 0   905913 0 175mb 175mb
green open graylog_324 4RpR8isyQBqu_h_ifnLpJA 4 0 20025091 0 3.3gb 3.3gb
green open graylog_322 F6TN9vCPQEaYcZlNhmMokQ 4 0 20018746 0 3.3gb 3.3gb
green open graylog_311 DccOlotNR9GKmusIhRGi1w 4 0 20012500 0 3.3gb 3.3gb
green open graylog_318 -SqQ5oEcRtSlZvqaZ_L1jg 4 0 20032700 0 3.3gb 3.3gb
green open graylog_307 DLoFntfVRY-91FyasXoCUg 4 0 20026500 0 3.3gb 3.3gb
green open graylog_308 Vygbzx-WR4WGkOWTM1ptmw 4 0 20027535 0 3.3gb 3.3gb

Once you identify the index to delete, use the following command to remove it together with its data

$ curl -XDELETE http://<node-ip|hostname>:9200/<index-name>

See example:

$ curl -XDELETE http://10.1.1.18:9200/graylog_308
{"acknowledged":true}

You can use a simple bash loop to delete multiple indices

for i in graylog_307 graylog_308 graylog_309 graylog_311; do
 curl -XDELETE http://10.1.1.18:9200/${i}
done

You can confirm deletion of an index by rechecking the available list

$ curl http://10.1.1.18:9200/_cat/indices

We have a number of Elasticsearch setup articles, here are the links

How to Deploy a three-node Elasticsearch Cluster on Ubuntu 18.04

How to Install Elasticsearch 5.x on Ubuntu 18.04 LTS (Bionic Beaver) Linux

How to Install Elasticsearch 6.x on Ubuntu 18.04 LTS (Bionic Beaver) Linux

How to Install Elasticsearch 6 on CentOS 7 with Kibana Data Visualization tool