Delete data matching query on Elasticsearch

espogian · February 22, 2019, 2:29pm

Hi,

I have multiple indexes on ES and I would like to delete some documents matching a particular query.
Index name is like logstash-YYYY.MM.dd and each document has a field named fieldname
I would like to delete all the documents with fieldname equal to 1000

From my understanding, the only way to accomplish this is to use the Delete By Query API (https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete-by-query.html).
Could the following work given the above example?

POST logstash-*/_delete_by_query
{
  "query": { 
    "match": {
      "fieldname": "1000"
    }
  }
}

Thanks

dadoonet · February 22, 2019, 2:43pm

Yes. I'd only run that if it about "some documents" and not "many documents". Ie, removing 80% of an index might be less efficient than reindexing 20%...

system · March 22, 2019, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Delete documents in elasticserach like DeleteByQuery Logstash	1	321	December 27, 2018
Delete Data from ES based on query Elasticsearch	3	557	April 14, 2017
Delete document from elastic search Elasticsearch	4	769	November 29, 2017
How to delete multiple documents from your index Kibana	3	1955	October 12, 2018
Delete document when not in specified indexes Elasticsearch	3	337	July 6, 2017

Delete data matching query on Elasticsearch

Related topics