Fix comments about deletion

salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-indices-delete-delete

@@ -41,15 +41,16 @@ while overlimit && [[ $ITERATION -lt $MAX_ITERATIONS ]]; do
   OPEN_INDICES=$(/usr/sbin/so-elasticsearch-query _cat/indices?h=index,status | grep 'open$' | awk '{print $1}' | grep -E "^.ds-logs-.*" | sort -t- -k4)
 
   for INDEX in ${CLOSED_SO_INDICES} ${OPEN_SO_INDICES} ${CLOSED_INDICES} ${OPEN_INDICES}; do
-    # Now that we've sorted the indices from oldest to newest, we need to check each index to see if it is assigned as the current write index for a data stream
-    # To do so, we need to identify to which data stream this index is associated
-    # We extract the data stream name using the pattern below
-    DATASTREAM_PATTERN="logs-[a-zA-Z_.]+-[a-zA-Z_.]+"
-    DATASTREAM=$(echo "${INDEX}" | grep -oE "$DATASTREAM_PATTERN")
+    # Check if index is an older index. If it is an older index, delete it before moving on to newer indices.
     if [[ "$INDEX" =~ "^logstash-.*|so-.*" ]]; then
       printf "\n$(date) - Used disk space exceeds LOG_SIZE_LIMIT (${LOG_SIZE_LIMIT_GB} GB) - Deleting ${INDEX} index...\n" >> ${LOG}
       /usr/sbin/so-elasticsearch-query ${INDEX} -XDELETE >> ${LOG} 2>&1
     else
+      # Now that we've sorted the indices from oldest to newest, we need to check each index to see if it is assigned as the current write index for a data stream
+      # To do so, we need to identify to which data stream this index is associated
+      # We extract the data stream name using the pattern below
+      DATASTREAM_PATTERN="logs-[a-zA-Z_.]+-[a-zA-Z_.]+"
+      DATASTREAM=$(echo "${INDEX}" | grep -oE "$DATASTREAM_PATTERN")
       # We look up the data stream, and determine the write index. If there is only one backing index, we delete the entire data stream
       BACKING_INDICES=$(/usr/sbin/so-elasticsearch-query _data_stream/${DATASTREAM} | jq -r '.data_streams[0].indices | length')
       if [ "$BACKING_INDICES" -gt 1 ]; then