Delete by query via @timestamp

Elastic Stack Elasticsearch
1

I want to delete highlighted doc in image i tried as below:-

Though its deleting all records, please suggest the right command to achieve the Objective.
POST poc/_delete_by_query
{
"query":{
"range":{
"@timestamp":{ "gt" : "2018-05-04T23:04:00Z"}
}
}
}

image
image.png523×741 22.1 KB

2

The query is correct, however, June 4th is 2018-06-04T23:04:00Z not 2018-05-04T23:04:00Z

1 Like
3

@val Thanks for reply...

Still its not deleting the doc with in time range..

image
image.png1541×532 45.5 KB

4

What do you get when running the following query?

POST poc/_search
{
  "query":{
     "range":{
        "@timestamp":{ "gt" : "2018-06-04T23:04:00Z"}
    }
  }
}
5

@val.. Here we go...
Seems like I did some silly mistake, though couldn't make it out.

image
image1496×559 43.8 KB

6

If you ran that delete by query with 2018-05-04T23:04:00Z then you might have erased all documents from May 4th onwards

7

@val

Mentioning the time range "gt" : "2018-06-04T23:04:00Z", its not deleting the documents.

Can we delete the document based on the HH:MM:SS ?...

8

The thing is that there are no documents coming back when searching from June 4th onwards, so my guess is that the documents have been deleted somehow when you were trying to delete from May 4th onwards.

9

@Val ..I got the solution ..

Below highlighted doc stored in local timezone, though command recognize the GMT time zone which is -8hr from HKT.

image
image.png1277×216 11.2 KB

For the highlighted doc , below is the date has been stored by ELK.

image
image.png1546×621 68.1 KB

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.