We have set up Elasticsearch + Logstash. Logstash collects data from
various firewalls/Linux servers etc. I do not need firewall's info logs
older than 7 days, but still need logs above that (critical, warning etc).
Is there any way that I can delete specific in logs from the index or say
logs of a specific host (firewall/server) from the indexes?
Basically it says that you should manage your logs so you can delete
complete indices, and deleting lots of documents from an index is not
recommended.
If you still want to try:
- You can delete by query. However, read the warning saying not to delete
  large bulks.
- Set time-to-live.
Regards /johan
On Thursday, 23 January 2014 at 09:14:54 UTC+1, Prasad Lele wrote:
Hi,
We have set up Elasticsearch + Logstash. Logstash collects data from
various firewalls/Linux servers etc. I do not need firewall's info logs
older than 7 days, but still need logs above that (critical, warning etc).
Is there any way that I can delete specific in logs from the index or say
logs of a specific host (firewall/server) from the indexes?
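
An added example, not part of the thread, of the whole-index approach the reply recommends: if firewall info events are routed to their own daily index, retention becomes a matter of dropping complete indices by name instead of deleting documents. The `logstash-fwinfo` prefix, the retention table and the sample index list are assumptions made for illustration.

```python
from datetime import date, datetime, timedelta
import re

# Assumed layout: Logstash writes one index per day, and firewall info-level
# events go to their own prefix so they can expire separately.
# Prefix names are hypothetical; retention is in days, None = keep forever.
RETENTION_DAYS = {
    "logstash-fwinfo": 7,   # firewall info logs: drop after 7 days
    "logstash": None,       # everything else (warning, critical, ...): keep
}

INDEX_RE = re.compile(r"^(?P<prefix>.+)-(?P<day>\d{4}\.\d{2}\.\d{2})$")


def expired_indices(index_names, today, retention=RETENTION_DAYS):
    """Return the daily indices whose whole contents are past retention."""
    expired = []
    for name in index_names:
        m = INDEX_RE.match(name)
        if not m:
            continue  # not a daily index (e.g. .kibana): never touch it
        days = retention.get(m.group("prefix"))
        if days is None:
            continue  # unknown prefix or keep-forever policy
        try:
            day = datetime.strptime(m.group("day"), "%Y.%m.%d").date()
        except ValueError:
            continue  # malformed date such as 2014.13.40: skip, do not guess
        # Delete only when the index day is strictly older than the cutoff,
        # so the last `days` full days are always retained.
        if day < today - timedelta(days=days):
            expired.append(name)
    return sorted(expired)


if __name__ == "__main__":
    # Constructed sample index list, not taken from a real cluster.
    sample = [
        "logstash-fwinfo-2014.01.10", "logstash-fwinfo-2014.01.16",
        "logstash-fwinfo-2014.01.22", "logstash-2014.01.10", ".kibana",
    ]
    for name in expired_indices(sample, today=date(2014, 1, 23)):
        # Each name would then be passed to the delete-index API.
        print("would delete:", name)
```

Printing the candidates first and reviewing them before issuing any delete keeps a mistyped prefix from removing the warning and critical logs that must be retained.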