I have set up an ELK stack to collect logs at a central server. It is working perfectly. But by default it is holding Elasticsearch index/data permanently. We just want to maintain the data for 30 days. Can anyone please point me to how to delete indices/data older than 30 days from the Elasticsearch DB? The Elasticsearch version is 2.3.3.

There are two easy ways to do this; both require setting up a scheduled task.

  1. If you are using time series index names you can do something like

    curl -XDELETE 'http://es-host:9200/index-yyyy.mm*'

  2. If you're not using dates in your index names you will want to use Elasticsearch Curator
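
The scheduled task from option 1, sketched as an added example (not part of the original answer): it selects daily indices older than the retention window by exact name match instead of a wildcard, and only reports what it would delete unless told otherwise. Assumptions: indices follow the `<prefix>-YYYY.MM.DD` pattern with prefix `logstash`, GNU `date` is available, and the `ES_URL`, `PREFIX`, `RETENTION_DAYS` and `DRY_RUN` variables are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: retention purge for daily indices named <PREFIX>-YYYY.MM.DD.
# Assumptions (not from the page): PREFIX=logstash, GNU date, DRY_RUN switch.
ES_URL="${ES_URL:-http://es-host:9200}"   # host name as used in the answer
PREFIX="${PREFIX:-logstash}"
RETENTION_DAYS="${RETENTION_DAYS:-30}"

# expired_indices CUTOFF
# Reads index names on stdin (one per line, column padding tolerated) and
# prints those whose date suffix is strictly older than CUTOFF (YYYY.MM.DD).
# Names that do not match <PREFIX>-YYYY.MM.DD exactly (e.g. .kibana) are
# never printed, so they can never be deleted.
expired_indices() {
  cutoff_num=$(printf '%s' "$1" | tr -d '.')
  while read -r name _rest; do
    case "$name" in
      "$PREFIX"-[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9])
        day=${name#"$PREFIX"-}
        day_num=$(printf '%s' "$day" | tr -d '.')
        if [ "$day_num" -lt "$cutoff_num" ]; then
          printf '%s\n' "$name"
        fi
        ;;
    esac
  done
}

# purge: list indices, pick the expired ones, delete them one by one.
# Defaults to a dry run; set DRY_RUN=0 to actually delete.
purge() {
  cutoff=$(date -u -d "$RETENTION_DAYS days ago" +%Y.%m.%d)  # GNU date syntax
  curl -s "$ES_URL/_cat/indices?h=index" | expired_indices "$cutoff" |
  while read -r idx; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "would delete: $idx"
    else
      curl -s -XDELETE "$ES_URL/$idx" && echo " deleted: $idx"
    fi
  done
}

# Run from cron as: purge-indices.sh purge
if [ "${1:-}" = purge ]; then purge; fi
```

Review the dry-run output before scheduling it with `DRY_RUN=0`, since deleted indices cannot be recovered without a snapshot.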

