Delete By Query Not Working

wwalker · July 21, 2023, 10:28pm

I have a field that frequently has the value of :. I'm trying to delete all of these entries using the below.

POST /index/_delete_by_query
{
  "query": {
    "match": {
        "log.message": ":"
    }
  }
}

Using dev tools, it seems to run successfully.

{
  "took": 0,
  "timed_out": false,
  "total": 0,
  "deleted": 0,
  "batches": 0,
  "version_conflicts": 0,
  "noops": 0,
  "retries": {
    "bulk": 0,
    "search": 0
  },
  "throttled_millis": 0,
  "requests_per_second": -1,
  "throttled_until_millis": 0,
  "failures": []
}

But then when I check the index, entries still exist.

RabBit_BR · July 21, 2023, 11:43pm

Hi @wwalker

Probably your text field is using the "standard" analyzer and that's why there is no token.
Try using the keyword field:

{
  "query": {
    "match": {
        "log.message.keyword": ":"
    }
  }
}

system · August 18, 2023, 11:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't get delete by query to actually delete Elasticsearch	20	3933	December 5, 2019
Delete by query? Elasticsearch	3	1348	December 15, 2021
Delete By query On Fields of type Text Elasticsearch	5	395	June 12, 2023
Delete_by_query returns empty Elasticsearch	2	112	March 13, 2024
Issue with _delete_by_query Elasticsearch	5	3048	May 6, 2019

Delete By Query Not Working

Related Topics