Delete multiple docs with matching multiple elements

kaushik.vankayala · January 30, 2019, 11:41am

Hi There,

I have the documents in my index in the following format;

{
  "_index": "mt_uat-app",
  "_type": "doc",
  "_id": "bR2vjmUBJkTWRy0yg7Y1",
  "_version": 1,
  "_score": 1,
  "_source": {
    "PartnerID": "wirecard",
    "Environment": "UAT",
    "loglevel": "INFO",
    "APITransactionId": "4d95e9b12cf0488084a22a8760c92c20",
    "audittype": "Audit-IN",
    "@timestamp": "2018-08-31T01:03:10.917Z",
    "PartnerUniqueID": "5d032ba3a5ff4c0aab7c5cb2cb6382c5",
    "CorrelationId": "baf56f70-ace7-11e8-b5ae-027cf458ba1c",
    "Request": "POST /api/experience/member/login",
    "ApplicationName": "experience-app",
  },
  "fields": {
    "@timestamp": [
      "2018-08-31T01:03:10.917Z"
    ]
  }
}

I intend to delete a set of docs that have matching APITransactionId. The list of APITransactionId is also a set.

I could delete the doc one at a time by delete_by_query API as follows;

POST mt_uat-app/_delete_by_query
{
  "query": { 
    "match": {
      "APITransactionId": "b0b808be30854a108c862451aa58e655"
    }
  }
}

But is there a way like if i have multiple APITransactionId and delete all docs that have that Id. I also tried to pass an array like below, but it doesnt work;

POST mt_uat-app/_delete_by_query
{
  "query": { 
    "match": {
      "APITransactionId": ["b0b808be30854a108c862451aa58e655", "4d7ac86f688e4163aa5264866ed72fca", "7931f54526274cc2b481c10ba7b6a3b2"]
    }
  }
}

Any solution and alternative approaches, please kindly suggest!

Regards

Kaushik

dadoonet · January 30, 2019, 11:55am

You should use https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-query.html

kaushik.vankayala · January 30, 2019, 11:59am

Worked like a charm. Thank you so much @dadoonet !

kaushik.vankayala · January 30, 2019, 12:23pm

@dadoonet Also, could you suggest how its possible to filter out the docs which have the count of APITransactionId exactly 1.

So in brief for every hit of an API, an Audit-IN and and an Audit-OUT will be generated which will have same APITransactionId. But if the api does not respond then we will NOT get an Audit-OUT.

I am looking for a DSL query probably with aggregation or an alternate approach to get all the docs which have the count of APITransactionId only 1, that way i get to filter out all docs which have only Audit-IN and NO Audit-OUT for a specific APITransactionId

Any help appreciated!

dadoonet · January 30, 2019, 12:37pm

That's another question. You should open a new one.

kaushik.vankayala · January 31, 2019, 4:07am

Ohk will do, thank you!

I have posted it here (Get all docs with the occurrence of field values only once) but could not get any responses till date. Could you kindly have a look if possible @dadoonet

system · February 28, 2019, 4:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.