I'm using basic ELK setup + I have a couple of elastic agents. Agents (and ELK components for that matter) create system indices that I don't really use. I'd like to disable the creation of those indices and/or delete them. Is it safe to delete them? Also is there a mechanism to prevent such indices from being created at all?
I've tried nothing at this point. Since I'd like to know what is safe and possible to do. I expect to disable and/or delete unused system indices.
It's never safe to delete system indices.
It's not recommended to do any manuel operation to system indices.
I am sharing some API calls below to update the cluster settings and to prevent some automatically created system indices.
PUT /_cluster/settings
{
"persistent": {
"ingest.geoip.downloader.enabled" : "false"
}
}
PUT _cluster/settings
{
"persistent": {
"xpack.monitoring.collection.enabled": false
}
}
PUT /_cluster/settings
{
"persistent": {
"cluster.deprecation_indexing.enabled": "true"
}
}
or
PUT /_cluster/settings
{
"persistent": {
"logger.org.elasticsearch.deprecation": "OFF"
}
}
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html#deprecation-logging