Deleting Old Activity

In ExaVault, history logs (activity logs) are stored in Elasticsearch and are made searchable via the UI. Certain customers with large Elasticsearch datasets may wish to purge older activity log data from Elasticsearch to improve performance.

If you want to preserve this old log data, make a backup of your VM before continuing.

To interact with Elasticsearch, first connect to your appliance via SSH. Once connected, open a shell inside the Elasticsearch container:

sudo docker exec -it exavault_elasticsearch_1 bash

Viewing Indexes

You can list the indexes containing daily activity logs by sending a curl command to Elasticsearch like the following:

curl -X GET "localhost:9200/_cat/indices/audit-*?v=true&s=index&pretty"

This will list the daily audit indexes. All audit indexes are named using the format of audit-YEAR.

Deleting Indexes

Deleting indexes is as simple as sending an HTTP DELETE command to Elasticsearch with the name of the index. You can do this using curl:

curl -X DELETE "localhost:9200/audit-1990?pretty"

To delete more than one year, the indexes can be comma separated. Here is an example of deleting indexes 1990 and 1991:

curl -X DELETE "localhost:9200/audit-1990,audit-1991?pretty"