I'm studying Zabbix 3.4.10 with Elasticsearch as the historical database and I'm dealing with the following problem:
What is the best solution to delete old data in the Elasticsearch repository?
As an example, I'd like to keep just 7 days of data in the log, dbl, uint and text indexes in Elasticsearch.
After reading the Elasticsearch documentation (I'm new to it!), I found that the best way to delete ids of an index that has many ids is to delete the index itself. It seems like dropping a table in a SQL database.
But how to do this without losing data?
It is possible to create a "rollover index" in Elasticsearch, but when a new index is created, based on a date rule, for example, the alias points to the new index, which is empty.
The solution is for your application to make searches with the "*" character at the end of the index name, for example:
GET /dbl*/values ...
Any idea how Zabbix deals with this problem, or a better way to clean old Zabbix data in Elasticsearch?
Thanks in advance!