Search
Close this search box.

How to delete .geoip_databases index from Elasticsearch 8.10.1

Table of Contents

1. Introduction

If you wonder how to delete .geoip_databases index visible on your indices list, you are in the right place.

				
					health status index            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .geoip_databases Wj8je5CsS_Onfs77jQFfjw   1   0         43            0     40.8mb         40.8mb

				
			

Because removal of this system index is not trivial I will describe in few steps how to do it.

2. Start Elasticsearch

Run commands to start Elasticsearch docker container.

				
					# Start Elasticsearch

docker run --rm \
--name elk \
-p 9200:9200 \
docker.elastic.co/elasticsearch/elasticsearch:8.10.1

# reset password
docker exec -it elk /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic

# after starting elasticsearch index .geoip_databases won't exist
GET https://localhost:9200/_cat/indices/.*
				
			

3. Load test data

Fresh installation will not contain that index yet. To simulate deletion it is good to have it in place, isn’t it? Ingestion pipeline will be helpful here. This is processor that manipulate data during ingestion – enrichment.

				
					curl -k -XPUT -u elastic "https://localhost:9200/_ingest/pipeline/geoip" \
-H 'Content-Type: application/json' -d'
{
  "description" : "Adding geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip"
      }
    }
  ]
}'

curl -k -XPUT -u elastic "https://localhost:9200/google/_doc/testing?pipeline=geoip" \
-H 'Content-Type: application/json' -d'
{
  "ip": "89.160.20.128"
}'

# .geoip_databases index got created
				
			

4. Delete failure

Deleting index with elastic user will cause failure as this user does not have right role assign to it. You may try to create special user for deletion

				
					# creating role for deletion
curl -k -XPOST -u elastic "https://localhost:9200/_security/role/deleter" \
-H 'Content-Type: application/json' -d'
{
        "indices": [
            {
                "names": [
                    "*"
                ],
                "privileges": [
                    "all"
                ],
                "allow_restricted_indices": true
            }
        ]
}'


curl -k -XPOST -u elastic "https://localhost:9200/_security/user/del" \
-H 'Content-Type: application/json' -d'
{
    "password":"123456",
    "roles": ["deleter"]
}'
				
			

But that will not work with this particular index (was working with .security index – do you remember?) causing another error

“Indices [.geoip_databases] use and access is reserved for system operations”

5. Successful removal

Index .geoip_databases is locked by elasticsearch when plugin is active. Actually non DELETE operation is needed here as it is enough to disable plugin and index will disappear itself.

				
					curl -k -XPUT -u elastic "https://localhost:9200/_cluster/settings" \
 -H 'Content-Type: application/json' \
-d'
{
	"persistent": {
	"ingest.geoip.downloader.enabled":"false"
	}
}'

				
			

6. Restore index back

To put index back reset cluster setting

				
					curl -k -XPUT -u elastic "https://localhost:9200/_cluster/settings" \
 -H 'Content-Type: application/json' \
-d'
{
	"persistent": {
	"ingest.geoip.downloader.enabled":null
	}
}'
				
			

7. Summary

In this tutorial you have learned how to setup Elasticsearch container then load sample data with ingestion pipeline to create .geoip_databases index. After that you learned how to properly remove it from the cluster. Hope you like it and I am happy to see comments from your side.

Have a nice coding!

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow me on LinkedIn
Share the Post:

Enjoy Free Useful Amazing Content

Related Posts