Delete / purge data from fields

shappy123 · September 25, 2019, 5:22am

Hi Guys,

Would highly appreciate if you guys can please assist me on this , I need to delete/purge existing + old data which contains these fields : fields.SourceContext & fields.RequestBody under the fields.applicationName= "xyz" .

Can you please let me know what should be the command or script so I can run & delete/purge them.

Hope to hear from you soon.

Cheers

Shap

spinscale · September 25, 2019, 11:52am

See the Delete by Query API

If you alternatively could delete a whole index instead of single documents, you should do that due to much faster execution, otherwise the above should work for you.

shappy123 · September 25, 2019, 12:16pm

hi Alexander,

thanks for your reply, would appreciate if you could plz write the query, as I m very new to elastic and not have much time to try it out on my own, please would appreciate.

thanks

spinscale · September 25, 2019, 12:42pm

Please note, that this is forum completely based on voluntary replies. If you do not have a lot of time, you may want to take a look at commercial support options instead. See https://www.elastic.co/subscriptions

I personally do expect people to invest some time into solving a problem, after shown a potential solution. If you try things out and show examples, error messages, how something is not working or what details you are missing on, it's a completely different thing, but just asking to get the work done by someone else without willingness to learn it yourself is something I consider rude towards others and their time and willingness to help.

shappy123 · September 25, 2019, 10:23pm

Hi Alexandar,

Thanks for it , i will try it and let know here if still I am on the right path... cheers

shappy123 · September 26, 2019, 5:05am

@spinscale..Hi alexandar, can you please let me know if this query is fine , I had a field named as "fields.xyz" under the _source which has information stored with a these letters " Docabc" , so if i run it would this delete the "fields.xyz" field only:

POST logstash-2019.06.10/_delete_by_query
{
"query": {
"match": {
"message": "Docabc"
}
}
}

spinscale · September 26, 2019, 7:00am

you need to specify the concrete field named fields.xyz instead of message

shappy123 · September 29, 2019, 11:29pm

@spinscale, thanks for your reply, i got your point from the last reply , but the problem is that we have 3 different cluster env ( prod, preprod and nonprod ) plus i just want to delete them from under this fields.ApplicationName= abc-abc123-123 , this fileds.applicationName is under the prod cluster and the source words "Docabc" are within the filed.Message ( eventually the filed.message is very huge, so these charcters " Docabc" are part of this field.message)... so eventually i need to delete/purge data that have all these included...... what should i do then... please let me know

spinscale · September 30, 2019, 12:14pm

I do not understand where the problem is regarding a cluster environment and why that means you need to execute a different query.

If you mean, you need to specify more than one criteria to match your query, take a look at the bool query with a must part, that can be an array.

--Alex

shappy123 · October 1, 2019, 11:51pm

@spinscale.. Hi .. thanks a lot the bool query works what I was actually looking for, my next question : is there any way around to make these queries automated , so that it may run by itself or by scheduling them.

Cheers

system · October 29, 2019, 11:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.