Index deletion question

Hello,

I’m currently running a hot-warm architecture with 3 hot and 3 warm Elasticsearch nodes. I would like to break these into separate clusters and use the new ES features to ship my logs from prod to archive. I will query the archive cluster with Kibana, so Graylog will only be accessing the production indexes. The question I have is: after I break the clusters apart, is there a good way for me to delete all of the archive indexes from Graylog without doing them individually in the UI? I know I can do the delete by curling ES directly and then do some work in Mongo to make Graylog aware of the change, but is that best practice?

Any tips or comments on this plan are welcome.

Thanks,
JCS

is there a good way for me to delete all of the archive indexes from Graylog without doing them individually in the UI?

You could do the same with the API, maybe scripted. That would do all the necessary steps in Graylog to update the database.
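Added example, not part of the original thread or Graylog's own code: a sketch of scripting the deletion through the Graylog REST API's `DELETE /system/indexer/indices/{index}` call, so Graylog updates its own state instead of being bypassed. The base URL, credentials, index names and the `archive_*` pattern are assumptions; confirm the endpoint in the API browser of your Graylog version before running with `dry_run=False`.

```python
import base64
import fnmatch
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample index names; in practice take them from Graylog's index overview.
SAMPLE_INDICES = ["graylog_41", "archive_0", "archive_1", "archive_2"]

def select_indices(names, pattern, keep=()):
    """Names matching the glob pattern, minus any to protect (e.g. the active write index)."""
    return sorted(n for n in names if fnmatch.fnmatchcase(n, pattern) and n not in keep)

def build_delete_request(base_url, index, user, password):
    """Build the DELETE request for one index without sending it."""
    path = "/system/indexer/indices/" + urllib.parse.quote(index, safe="")
    req = urllib.request.Request(base_url.rstrip("/") + path, method="DELETE")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    # Graylog rejects state-changing API calls that lack this header.
    req.add_header("X-Requested-By", "index-cleanup-script")
    return req

def delete_indices(base_url, indices, user, password, dry_run=True):
    """Delete each index through Graylog; returns {index: HTTP status or 'dry-run'}."""
    results = {}
    for index in indices:
        req = build_delete_request(base_url, index, user, password)
        if dry_run:
            results[index] = "dry-run"
            continue
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                results[index] = resp.status
        except urllib.error.HTTPError as err:
            results[index] = err.code  # e.g. 403 if the account lacks index permissions
    return results

if __name__ == "__main__":
    # Hypothetical host and account; use a dedicated, narrowly scoped API user.
    targets = select_indices(SAMPLE_INDICES, "archive_*", keep={"archive_2"})
    for name, outcome in delete_indices(
        "http://graylog.example:9000/api", targets, "cleanup-user", "changeme"
    ).items():
        print(name, outcome)
```

The dry-run default prints what would be removed; review that list, then rerun with `dry_run=False` over HTTPS.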

Thanks Jan! I haven’t got my hands dirty with the Graylog API yet so this sounds like a good first test.