I would recommend storing your two different types of data in two separate indices as they have different retention periods. This would allow you to simply delete complete daily indices rather than using delete by query. For the data that is in the current indices holding all types of data, it is probably easier and more efficient to reindex the security logs into separate indices as the volumes are low and then delete the large indices that contain traffic data.