I want to delete highlighted doc in image i tried as below:-
Though its deleting all records, please suggest the right command to achieve the Objective.
POST poc/_delete_by_query
{
"query":{
"range":{
"@timestamp":{ "gt" : "2018-05-04T23:04:00Z"}
}
}
}
The query is correct, however, June 4th is 2018-06-04T23:04:00Z not 2018-05-04T23:04:00Z
What do you get when running the following query?
POST poc/_search
{
"query":{
"range":{
"@timestamp":{ "gt" : "2018-06-04T23:04:00Z"}
}
}
}@val.. Here we go...
Seems like I did some silly mistake, though couldn't make it out.
If you ran that delete by query with 2018-05-04T23:04:00Z then you might have erased all documents from May 4th onwards
Mentioning the time range "gt" : "2018-06-04T23:04:00Z", its not deleting the documents.
Can we delete the document based on the HH:MM:SS ?...
The thing is that there are no documents coming back when searching from June 4th onwards, so my guess is that the documents have been deleted somehow when you were trying to delete from May 4th onwards.
@Val ..I got the solution ..
Below highlighted doc stored in local timezone, though command recognize the GMT time zone which is -8hr from HKT.
For the highlighted doc , below is the date has been stored by ELK.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
