Delete data matching query on Elasticsearch

espogian · February 22, 2019, 2:29pm

Hi,

I have multiple indexes on ES and I would like to delete some documents matching a particular query.
Index name is like logstash-YYYY.MM.dd and each document has a field named fieldname
I would like to delete all the documents with fieldname equal to 1000

From my understanding, the only way to accomplish this is to use the Delete By Query API (https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete-by-query.html).
Could the following work given the above example?

POST logstash-*/_delete_by_query
{
  "query": { 
    "match": {
      "fieldname": "1000"
    }
  }
}

Thanks

dadoonet · February 22, 2019, 2:43pm

Yes. I'd only run that if it about "some documents" and not "many documents". Ie, removing 80% of an index might be less efficient than reindexing 20%...

system · March 22, 2019, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Delete / purge data from fields Elasticsearch	10	579	October 29, 2019
Help deleting by field name Elasticsearch	4	681	July 6, 2017
Delete a field matching a regex Elasticsearch	5	2089	July 11, 2018
Delete by query using logstash Logstash	2	1038	January 1, 2018
Doubt regarding deleting the datas in index in elasticsearch Elasticsearch	3	484	July 5, 2017

Delete data matching query on Elasticsearch

Related topics