Table of Contents
1. Introduction
If you wonder how to delete .geoip_databases index visible on your indices list, you are in the right place.
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .geoip_databases Wj8je5CsS_Onfs77jQFfjw 1 0 43 0 40.8mb 40.8mb
Because removal of this system index is not trivial I will describe in few steps how to do it.
2. Start Elasticsearch
Run commands to start Elasticsearch docker container.
# Start Elasticsearch
docker run --rm \
--name elk \
-p 9200:9200 \
docker.elastic.co/elasticsearch/elasticsearch:8.10.1
# reset password
docker exec -it elk /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic
# after starting elasticsearch index .geoip_databases won't exist
GET https://localhost:9200/_cat/indices/.*
3. Load test data
Fresh installation will not contain that index yet. To simulate deletion it is good to have it in place, isn’t it? Ingestion pipeline will be helpful here. This is processor that manipulate data during ingestion – enrichment.
curl -k -XPUT -u elastic "https://localhost:9200/_ingest/pipeline/geoip" \
-H 'Content-Type: application/json' -d'
{
"description" : "Adding geoip info",
"processors" : [
{
"geoip" : {
"field" : "ip"
}
}
]
}'
curl -k -XPUT -u elastic "https://localhost:9200/google/_doc/testing?pipeline=geoip" \
-H 'Content-Type: application/json' -d'
{
"ip": "89.160.20.128"
}'
# .geoip_databases index got created
4. Delete failure
Deleting index with elastic user will cause failure as this user does not have right role assign to it. You may try to create special user for deletion
# creating role for deletion
curl -k -XPOST -u elastic "https://localhost:9200/_security/role/deleter" \
-H 'Content-Type: application/json' -d'
{
"indices": [
{
"names": [
"*"
],
"privileges": [
"all"
],
"allow_restricted_indices": true
}
]
}'
curl -k -XPOST -u elastic "https://localhost:9200/_security/user/del" \
-H 'Content-Type: application/json' -d'
{
"password":"123456",
"roles": ["deleter"]
}'
But that will not work with this particular index (was working with .security index – do you remember?) causing another error
“Indices [.geoip_databases] use and access is reserved for system operations”
5. Successful removal
Index .geoip_databases is locked by elasticsearch when plugin is active. Actually non DELETE operation is needed here as it is enough to disable plugin and index will disappear itself.
curl -k -XPUT -u elastic "https://localhost:9200/_cluster/settings" \
-H 'Content-Type: application/json' \
-d'
{
"persistent": {
"ingest.geoip.downloader.enabled":"false"
}
}'
6. Restore index back
To put index back reset cluster setting
curl -k -XPUT -u elastic "https://localhost:9200/_cluster/settings" \
-H 'Content-Type: application/json' \
-d'
{
"persistent": {
"ingest.geoip.downloader.enabled":null
}
}'
7. Summary
In this tutorial you have learned how to setup Elasticsearch container then load sample data with ingestion pipeline to create .geoip_databases index. After that you learned how to properly remove it from the cluster. Hope you like it and I am happy to see comments from your side.
Have a nice coding!