Page MenuHomeSoftware Heritage
Create Task
Maniphest T977

Delete old system log data from the Elasticsearch cluster
Closed, MigratedEdits Locked
Actions

Description

The elasticsearch cluster on banco.internal.softwareheritage.org contains

  • old system log data
  • test data injected by error from my laptop

It would be nice to delete unneeded documents at some point.

Proposed request to clean up test data:

curl -i -H'Content-Type: application/json' -XPOST "http://localhost:9200/_all/_delete_by_query/?pretty=true" -d '
{
    "query" : {
	"match" : { "hostname" : "hplaptopft0" }}
    }
}'

Proposed request to clean up old system log data:

curl -i -H'Content-Type: application/json' -XPOST "http://localhost:9200/_all/_delete_by_query/?pretty=true" -d '
{
    "query" : {
	"bool": {
	    "must_not": [{ "match" : { "systemd_unit" : "swh-worker@" } }],
	    "must": { "range" : { "@timestamp" : { "lt" : "now-3M" }}}
	}
    }
}'

Remark: closed Elasticsearch indices are not processed.
In order to delete documents from closed indices, we have to reopen them first.

Related Objects
Search...

Event Timeline

ftigeot created this task.Feb 21 2018, 4:22 PM
ftigeot updated the task description. (Show Details)Feb 21 2018, 4:49 PM
olasd added a comment.Feb 26 2018, 12:21 PM

The queries look reasonable, you should go ahead with them.

ftigeot added a comment.Mar 6 2018, 4:27 PM

Test data cleaned up this day.

ftigeot added a comment.Mar 6 2018, 4:35 PM

System logs from 2017-01 cleaned up this day. 15530 documents deleted.

ftigeot changed the task status from Open to Work in Progress.Mar 7 2018, 4:58 PM
ftigeot added a comment.Mar 21 2018, 2:10 PM

System logs from 2017-02 cleaned up this day. 13,435,713 documents deleted.

ftigeot added a comment.Mar 26 2018, 1:29 PM

System logs from 2017-03 cleaned up this day. 13,474,622 documents deleted.

ftigeot added a comment.Mar 28 2018, 1:00 PM

System logs up to 2017-05 cleaned up this day. 25,844,268 documents deleted.

ftigeot added a comment.Mar 29 2018, 2:23 PM

System logs up to 2017-06 cleaned up this day. 25,492,157 documents deleted.

ftigeot added a comment.Apr 3 2018, 2:02 PM

System logs up to 2017-07 cleaned up this day. 24,191,557 documents deleted.

ftigeot added a comment.Apr 3 2018, 3:56 PM

System logs up to 2017-08 cleaned up this day. 13,175,880 documents deleted.

ftigeot added a comment.Apr 3 2018, 5:55 PM

System logs up to 2017-09 cleaned up this day. 15,998,132 documents deleted.

ftigeot added a comment.Apr 4 2018, 2:43 PM

System logs up to 2017-10 cleaned up this day. 23,889,499 documents deleted.

ftigeot added a comment.Apr 5 2018, 10:06 AM

System logs up to 2017-11 purged. 46,110,900 documents deleted.

ftigeot added a comment.Apr 5 2018, 1:23 PM

All remaining system logs from 2017 cleaned up this day. 31,214,858 documents deleted.

ftigeot mentioned this in T1000: Reindex old data on banco to put it into swh_worker indexes.May 25 2018, 2:37 PM
ftigeot added a comment.May 25 2018, 2:55 PM

Some of the first logstash-${date} indexes became empty (zero non-deleted documents) and could simply be deleted as-is.

olasd edited projects, added System administration (Elasticsearch consolidation (W24/2018)); removed System administration.Jun 13 2018, 4:54 PM
ftigeot added a comment.Jun 20 2018, 11:48 AM

The swh_workers-2018.03.07 index contained non-swh-workers documents and was cleaned this way:

curl -i -H'Content-Type: application/json' \
     -XPOST "http://esnode3.internal.softwareheritage.org:9200/swh_workers-2018.03.07/_delete_by_query?pretty=true" -d '
{
	"query" : { "bool" : { "must_not" : [{ "match" : { "systemd_unit" : "swh-worker@" }}] }}
}'
ftigeot added a comment.Jun 21 2018, 11:27 AM

Even though all delete requests were previously successfully processed, non-swh-workers data remain in the legacy logstash-* indexes.
This is not an entirely unexpected behavior. It is possible resource limitations prevented the old Banco node from processing all deletion requests in a bounded time frame.
Deletion queries will be rerun index by index in this way:

 curl -i -H'Content-Type: application/json' \
     -XPOST "http://esnode2.internal.softwareheritage.org:9200/logstash-2018.02.31/_delete_by_query?pretty=true" -d '
{
	"query" : { "bool" : { "must_not" : [{ "match" : { "systemd_unit" : "swh-worker@" }}] }}
}'
ftigeot added a comment.Jun 21 2018, 4:32 PM

It seems like deleting old documents takes a heavy toll on the cluster.
So far, for every month of old logstash indexes cleaned, at least one node member started to misbehave and had to be restarted after excessive timeouts and/or other issues including constant garbage collection and disk trashing.

ftigeot closed this task as Resolved.Jul 4 2018, 11:22 AM

All remaining non-swh-worker logs deleted from legacy logstash-* indexes.

gitlab-migration changed the task status from Resolved to Migrated.Jan 8 2023, 9:57 PM
gitlab-migration claimed this task.
gitlab-migration added a subscriber: gitlab-migration.

This task has been migrated to GitLab.

About · Developer information · Legal