2
votes

I have managed to process log files using the ELK kit and I can now see my logs on Kibana.

I have scoured the internet and can't seem to find a way to remove all the old logs, viewable in Kibana, from months ago. (Well, an explanation that I understand.) I just want to clear my Kibana and start afresh by loading new logs and having them be the only ones displayed. Does anyone know how I would do that?

Note: Even if I remove all the Index Patterns (in Management section), the processed logs are still there.

Context: I have been looking at using ELK to analyse testing logs in my work. For that reason, I am using Elasticsearch, Kibana and Logstash v5.4, and I am unable to download a newer version due to company restrictions.

Any help would be much appreciated!

Kibana screenshot displaying logs

Update:

I've typed "GET /_cat/indices/*?v&s=index" into the Dev Tools>Console and got a list of indices.

I initially used the "DELETE" function, and it didn't appear to be working. However, after restarting everything, it worked the second time and I was able to remove all the existing indices, which subsequently removed all logs being displayed in Kibana.

SUCCESS!

1 Answer

3
votes

Kibana is just the visualization part of the Elastic Stack; your data is stored in Elasticsearch. To get rid of it, you need to delete your index.

The 5.4 version is very old and has already passed its EOL date. It does not have any UI to delete the index, so you will need to use the Elasticsearch REST API to delete it.

You can do it from Kibana: just click on Dev Tools. First you will need to list your indices using the cat indices endpoint.

GET /_cat/indices?v&s=index&pretty

After that you will need to use the delete api endpoint to delete your index.

DELETE /name-of-your-index

On the newer versions you can do it using the Index Management UI; you should try to talk with your company to get the new version.
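The list-then-delete procedure from the answer, narrowed to "only logs from months ago", as an added example that is not part of the original answer: it parses `_cat/indices?v` output and produces Console `DELETE` lines only for date-stamped indices past a retention window, leaving `.kibana` (where Kibana 5.x keeps its own saved objects) alone. It assumes Logstash's default daily index naming `logstash-YYYY.MM.DD`; the sample output and the function names are constructed for illustration.

```python
import re
from datetime import date, timedelta

# Constructed sample of `GET /_cat/indices?v&s=index` output (not from the page).
# The closed index has a blank health column, which breaks naive whitespace splitting.
SAMPLE_CAT_OUTPUT = """\
health status index               uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   .kibana             aaaaaaaaaaaaaaaaaaaaaa   1   1          3            0     15.2kb         15.2kb
       close  logstash-2017.02.01 eeeeeeeeeeeeeeeeeeeeee
yellow open   logstash-2017.03.01 bbbbbbbbbbbbbbbbbbbbbb   5   1       1200            0      1.1mb          1.1mb
yellow open   logstash-2017.06.28 cccccccccccccccccccccc   5   1        800            0    700.5kb        700.5kb
yellow open   testlogs            dddddddddddddddddddddd   5   1         40            0     50.1kb         50.1kb
"""

# Assumption: indices follow the pattern <prefix>-YYYY.MM.DD.
DAILY = re.compile(r"^(.+)-(\d{4})\.(\d{2})\.(\d{2})$")

def index_names(cat_output):
    """Read the 'index' column by its character offset in the header row."""
    lines = [l for l in cat_output.splitlines() if l.strip()]
    offset = lines[0].index("index")
    return [l[offset:].split()[0] for l in lines[1:]]

def stale_indices(cat_output, today, keep_days, prefix="logstash"):
    """Return <prefix>-YYYY.MM.DD indices dated before today - keep_days."""
    cutoff = today - timedelta(days=keep_days)
    stale = []
    for name in index_names(cat_output):
        m = DAILY.match(name)
        if not m or m.group(1) != prefix:
            continue  # skips .kibana and anything that is not date-stamped
        try:
            day = date(int(m.group(2)), int(m.group(3)), int(m.group(4)))
        except ValueError:
            continue  # looks like a date but is not a valid one
        if day < cutoff:
            stale.append(name)
    return stale

def console_deletes(names):
    """Render one Dev Tools Console request per index, for review before running."""
    return ["DELETE /" + n for n in names]

if __name__ == "__main__":
    for line in console_deletes(stale_indices(SAMPLE_CAT_OUTPUT, date(2017, 7, 1), 30)):
        print(line)
```

Reviewing the generated `DELETE` lines before pasting them into the Console keeps the deletion explicit, since removing an index cannot be undone without a snapshot.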