Delete By Query Not Working

wwalker · July 21, 2023, 10:28pm

I have a field that frequently has the value of :. I'm trying to delete all of these entries using the below.

POST /index/_delete_by_query
{
  "query": {
    "match": {
        "log.message": ":"
    }
  }
}

Using dev tools, it seems to run successfully.

{
  "took": 0,
  "timed_out": false,
  "total": 0,
  "deleted": 0,
  "batches": 0,
  "version_conflicts": 0,
  "noops": 0,
  "retries": {
    "bulk": 0,
    "search": 0
  },
  "throttled_millis": 0,
  "requests_per_second": -1,
  "throttled_until_millis": 0,
  "failures": []
}

But then when I check the index, entries still exist.

RabBit_BR · July 21, 2023, 11:43pm

Hi @wwalker

Probably your text field is using the "standard" analyzer and that's why there is no token.
Try using the keyword field:

{
  "query": {
    "match": {
        "log.message.keyword": ":"
    }
  }
}

system · August 18, 2023, 11:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't get delete by query to actually delete Elasticsearch	20	3970	December 5, 2019
Delete by query? Elasticsearch	3	1367	December 15, 2021
Delete By query On Fields of type Text Elasticsearch	5	400	June 12, 2023
Delete_by_query returns empty Elasticsearch	2	112	March 13, 2024
_delete_by_query must match exactly Elasticsearch	3	623	April 8, 2020

Delete By Query Not Working

Related topics