Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which can resolve issues that cause many errors.
This guide will help you check for common problems that cause the log ” failures and conflicts encountered while running DeleteByQuery on indices . ” to appear. It’s important to understand the issues related to the log, so to get started, read the general overview on common issues and tips related to the Elasticsearch concepts: delete, delete-by-query, indices and plugin.
Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up which analyses ES to pinpoint the cause of many errors and provides suitable actionable recommendations how to resolve them (free tool that requires no installation).
Overview
DELETE is an Elasticsearch API which removes a document from a specific index. This API requires an index name and _id document to delete the document.
Delete a document
DELETE /my_index/_doc/1
Notes
- A delete request throws 404 error code if the document does not already exist in the index.
- If you want to delete a set of documents that matches a query, you need to use delete by query API.
Overview
Delete-by-query is an Elasticsearch API, which was introduced in version 5.0 and provides functionality to delete all documents that match the provided query. In lower versions, users had to install the Delete-By-Query plugin and use the DELETE /_query endpoint for this same use case.
What it is used for
This API is used for deleting all the documents from indices based on a query. Once the query is executed, Elasticsearch runs the process in the background to delete all the matching documents so you don’t have to wait for the process to be completed.
Examples
Delete all the documents of an index without deleting the mapping and settings:
POST /my_index/_delete_by_query?conflicts=proceed&pretty
{
"query": {
"match_all": {}
}
}The conflict parameter in the request is used to proceed with the request even in the case of version conflicts for some documents. The default conflict behavior is to abort the request altogether.
Notes
- A long-running delete_by_query can be terminated using _task API.
- Inside the query body, you can use the same syntax for queries that are available under the _search API.
Common problems
Elasticsearch takes a snapshot of the index when you hit delete by query request and uses the _version of the documents to process the request. If a document gets updated in the meantime, it will result in a version conflict error and the delete operation will fail.
Overview
In Elasticsearch, an index (plural: indices) can be thought of as a table inside a database. An index contains a schema and can have one or more shards and replicas. An Elasticsearch index is divided into shards and each shard is an instance of a Lucene index.
Indices are used to store the documents in dedicated data structures corresponding to the data type of fields. For example, text fields are stored inside an inverted index whereas numeric and geo fields are stored inside BKD trees.
Examples
Create index
The following example is based on Elasticsearch version 5.x onwards. An index with two shards, each having one replica will be created with the name test_index1
PUT /test_index1?pretty
{
"settings" : {
"number_of_shards" : 2,
"number_of_replicas" : 1
},
"mappings" : {
"properties" : {
"tags" : { "type" : "keyword" },
"updated_at" : { "type" : "date" }
}
}
}List indices
All the index names and their basic information can be retrieved using the following command:
GET _cat/indices?v
Index a document
Let’s add a document in the index with the command below:
PUT test_index1/_doc/1
{
"tags": [
"opster",
"elasticsearch"
],
"date": "01-01-2020"
}Query an index
GET test_index1/_search
{
"query": {
"match_all": {}
}
}Query multiple indices
It is possible to search multiple indices with a single request. If it is a raw HTTP request, index names should be sent in comma-separated format, as shown in the example below, and in the case of a query via a programming language client such as python or Java, index names are to be sent in a list format.
GET test_index1,test_index2/_search
Delete indices
DELETE test_index1
Common problems
- It is good practice to define the settings and mapping of an Index wherever possible because if this is not done, Elasticsearch tries to automatically guess the data type of fields at the time of indexing. This automatic process may have disadvantages, such as mapping conflicts, duplicate data and incorrect data types being set in the index. If the fields are not known in advance, it’s better to use dynamic index templates.
- Elasticsearch supports wildcard patterns in Index names, which sometimes aids with querying multiple indices, but can also be very destructive too. For example, It is possible to delete all the indices in a single command using the following commands:
DELETE /*
To disable this, you can add the following lines in the elasticsearch.yml:
action.destructive_requires_name: true
Log Context
Log “[{}] {} failures and {} conflicts encountered while running DeleteByQuery on indices [{}].” classname is TransportDeleteJobAction.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
} else {
if (bulkByScrollResponse.isTimedOut()) {
logger.warn("[{}] DeleteByQuery for indices [{}] timed out."; jobId; String.join("; "; indexNames.get()));
}
if (!bulkByScrollResponse.getBulkFailures().isEmpty()) {
logger.warn("[{}] {} failures and {} conflicts encountered while running DeleteByQuery on indices [{}].";
jobId; bulkByScrollResponse.getBulkFailures().size(); bulkByScrollResponse.getVersionConflicts();
String.join("; "; indexNames.get()));
for (BulkItemResponse.Failure failure : bulkByScrollResponse.getBulkFailures()) {
logger.warn("DBQ failure: " + failure);
}
