Delete by source

Juan_Andres_Ramirez · October 1, 2015, 1:06pm

Hello Guys!,
I'm going to try delete documents from specific source, and I have the next struct:

"_index" : "graylog2_0",
"_type" : "message",
"_id" : "502a30a1-33a9-11e5-8a4c-005056a9199b",
"_score" : 1.0,
"_source":{ "request_time":"15:16:50","version":"1.1","SourceName":"IIS","sc-substatus":0,"source":"SERVER-NAME","streams":[]}

So I need delete every document or message or input with "source": "SERVER-NAME".
I tried with this command but I had error:

curl -XDELETE 'http://10.101.81.199:9200/graylog2_20/_search?source:SERVER-1'
{"error":"ClusterBlockException[blocked by: [FORBIDDEN/8/index write (api)];]","status":403}

Someone knows how to delete?.

Thank you.

Juan_Andres_Ramirez · October 1, 2015, 2:04pm

I tried by query, but I had error too:

# curl -XGET 'http://10.101.81.199:9200/graylog2_20/message/_query' -d '{
> "query_string":{
> "default_field" : "source",
> "query": "SERVER-1"
> }
> }'
{"_index":"graylog2_20","_type":"message","_id":"_query","found":false}

Thank you.

Juan_Andres_Ramirez · October 1, 2015, 5:47pm

I used the next command and the problems still there.

# curl -XDELETE 'http://10.101.81.199:9200/graylog2_0/_search?pretty' -d '{
"query": { "match": {"source": "SERVER-1"}},
"_source": ["source"]}'

And the output:

"error" : "TypeMissingException[[_all] type[[_search]] missing: No index has the type.]",
  "status" : 404

Thank you.

Topic		Replies	Views
Elasticsearch: Delete by source Elasticsearch	2	340	July 24, 2018
How to get the Key Elasticsearch	7	1150	July 5, 2017
Curl Xdelete with ELASTICSEARCH 6.1 Elasticsearch	5	1641	February 5, 2018
Delete document from elastic search Elasticsearch	4	740	November 29, 2017
Delete API (ES ver1.7) by regexp Elasticsearch	1	745	July 5, 2017

Delete by source

Related topics