Overview

DELETE is an Elasticsearch API which removes a document from a specific index. This API requires an index name and _id document to delete the document. 

Delete a document

DELETE /my_index/_doc/1

Notes

• A delete request throws 404 error code if the document does not already exist in the index.
• If you want to delete a set of documents that  matches a query, you need to use delete by query API.

Overview

Delete-by-query is an Elasticsearch API, which was introduced in version 5.0 and provides functionality to delete all documents that match the provided query. In lower versions, users had to install the Delete-By-Query plugin and use the DELETE /_query endpoint for this same use case.

What it is used for

This API is used for deleting all the documents from indices based on a query. Once the query is executed, Elasticsearch runs the process in the background to delete all the matching documents so you don’t have to wait for the process to be completed.

Examples

Delete all the documents of an index without deleting the mapping and settings:

POST /my_index/_delete_by_query?conflicts=proceed&pretty
{
  "query": {
    "match_all": {}
  }
}

The conflict parameter in the request is used to proceed with the request even in the case of version conflicts for some documents. The default conflict behavior is to abort the request altogether.

Notes

• A long-running delete_by_query can be terminated using _task API.
• Inside the query body, you can use the same syntax for queries that are available under the _search API.

Common problems

Elasticsearch takes a snapshot of the index when you hit delete by query request and uses the _version of the documents to process the request. If a document gets updated in the meantime, it will result in a version conflict error and the delete operation will fail.

Overview

In Elasticsearch, an index (plural: indices) can be thought of as a table inside a database. An index contains a schema and can have one or more shards and replicas. An Elasticsearch index is divided into shards and each shard is an instance of a Lucene index.

Indices are used to store the documents in dedicated data structures corresponding to the data type of fields. For example, text fields are stored inside an inverted index whereas numeric and geo fields are stored inside BKD trees.

Examples

Create index

The following example is based on Elasticsearch version 5.x onwards. An index with two shards, each having one replica will be created with the name test_index1

PUT /test_index1?pretty
{
    "settings" : {
        "number_of_shards" : 2,
        "number_of_replicas" : 1
    },
    "mappings" : {
        "properties" : {
            "tags" : { "type" : "keyword" },
            "updated_at" : { "type" : "date" }
        }
    }
}

List indices

All the index names and their basic information can be retrieved using the following command:

GET _cat/indices?v

Index a document

Let’s add a document in the index with the command below:

PUT test_index1/_doc/1
{
  "tags": [
    "opster",
    "elasticsearch"
  ],
  "date": "01-01-2020"
}

Query an index

GET test_index1/_search
{
  "query": {
    "match_all": {}
  }
}

Query multiple indices

It is possible to search multiple indices with a single request. If it is a raw HTTP request, index names should be sent in comma-separated format, as shown in the example below, and in the case of a query via a programming language client such as python or Java, index names are to be sent in a list format.

GET test_index1,test_index2/_search

Delete indices

DELETE test_index1

Common problems

DELETE /*

action.destructive_requires_name: true