Delete logs in elasticsearch with multiple queries

I want to delete logs in elasticsearch based on query with multiple terms.
E.g. Delete all logs with "tags: local AND message: info".

The log which contain both of them in respective fields, only those are to be deleted.

https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete-by-query.html

Been through this, used "term" and "match" methods, but these methods does not support multiple field queries.

POST trial-*/_delete_by_query
{
  "query": {
    "match": {
      "tags": "local",
      "message": "info"
    }
  }
}

This returns

{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[match] query doesn't support multiple fields, found [message] and [tags]",
"line": 1,
"col": 45
}
],
"type": "parsing_exception",
"reason": "[match] query doesn't support multiple fields, found [message] and [tags]",
"line": 1,
"col": 45
},
"status": 400
}

Found the solution. Below works

POST trial-*/_delete_by_query 
{
"query": {
        "bool": {
            "must": [
            { "term": { "tags": "local"}},
            { "term": { "message": "info"}}
            ]
        }
    }
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.