Hi,
I want to delete all the records within a timestamp range from a single index. I am running Elasticsearch version 1.7.0 but not able to follow the examples. If anyone can help readily with this, I would be very grateful to you!
Thanks in advance,
Satish/
I was able to do it using the below:
curl -vv -XDELETE 'http://es_host:9200/logstash-tag1-2015.09.09/_query' -d '{
"query": {
"filtered" : {
"query" : {
"term" : { "tags" : "tag1" }
},
"filter" : {
"range" : {
"@timestamp" : { "gt" : "2015-10-19T00:00:00", "lt" : "2015-10-21T19:00:00" }
}
}
}
}
}'Note that using the Delete By Query API was deprecated in 1.5.3 and will be removed in 2.0 for the reasons given there. Using Scan & Scroll to find the ids of the records and then delete them by bulk request is the prefered way now. Also starting in 2.0 there is going to be a plugin that will make this easier, however there are other things to keep in mind when using it decribed here.
Thanks @cbuescher. I will look forward to 2.0. By the way do you know if these plugins will be bundled by default with elasticsearch? The cluster instances are behind firewall hence asking as plugin/install won't work.
No, although the plugins are maven submodules in the repo, they need to be installed indivudually. They usually offer functionality that is not needed by every user.
If you are behind a proxy, you use that: https://www.elastic.co/guide/en/elasticsearch/plugins/2.0/_other_command_line_parameters.html#_proxy_settings
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.