How to delete all entries based on the contents of two fields


(David Reagan) #1

I imported a LOT of Apache logs the other day. Via Logstash. 'Course, I
messed up and didn't set the timestamp correctly. Now that I've figured out
how to set the timestamp correctly, I want to remove the logs I imported.

For the life of me I can't figure it out.

I've been looking
at http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/docs-delete-by-query.html#docs-delete-by-query
(Yes, I'm running 0.90.9) to figure out what to do, but I'm obviously
missing something....

This is what I've tried so far:

curl -XDELETE 'http://node01.domain.tld:9200/logstash-2014.05.27/_query' -d '{
  "query": {
    "filtered" : {
      "query" : {
        "query_string" : {
          "query" : "message:"subdomain.main.tld" AND host:"hostimportedon""
        }
      }
    }
  }
}
'

The results:

{"ok":true,"_indices":{"logstash-2014.05.27":{"_shards":{"total":5,"successful":0,"failed":5}}}}

So, how would I delete something based on two criteria? The host field
matches "hostimportedon" and the message field has "subdomain.main.tld" in
it.

I have a total of 4 elasticsearch nodes.

Thanks!

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/5fb3ec86-76b3-4536-9605-6774784f9d31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(David Reagan) #2

With some tips from whack in the #logstash IRC channel, I was able to
delete what I wanted with this:

curl -XDELETE 'http://node1:9200/logstash-2014.05.27/_query' -d '{
  "query_string" : {
    "query" : "path:\"folderLogFileLoadedFrom\""
  }
}
'

In reply to David Reagan's message of Thursday, May 29, 2014 4:28:25 PM UTC-7 (post #1 above).
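
The two-field delete asked about in post #1 involves three nested quoting layers: the Lucene phrase, the JSON string and the shell argument. The following is an added example, not code from the thread. It builds the request body in the top-level query_string shape that post #2 reports working. The helper names, the field-name allow-list and the choice of a quoted phrase match per field are assumptions.

```python
import json
import re
import shlex

FIELD_RE = re.compile(r"[A-Za-z0-9_.@-]+")  # assumption: plain Logstash-style field names

def lucene_phrase(value):
    """Layer 1: quote a literal as a query_string phrase, escaping backslash and double quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def two_field_query(criteria):
    """AND together field:phrase clauses; reject unexpected field names outright."""
    clauses = []
    for field, value in criteria:
        if not FIELD_RE.fullmatch(field):
            raise ValueError(f"unexpected field name: {field!r}")
        clauses.append(f"{field}:{lucene_phrase(value)}")
    return " AND ".join(clauses)

def delete_body(criteria):
    """Layer 2: JSON body with query_string at the top level, as in post #2.
    json.dumps escapes the inner double quotes so the body stays valid JSON."""
    return json.dumps({"query_string": {"query": two_field_query(criteria)}})

def curl_command(base_url, index, criteria):
    """Layer 3: shell quoting of the URL and body for the DELETE .../_query call."""
    url = f"{base_url}/{index}/_query"
    return f"curl -XDELETE {shlex.quote(url)} -d {shlex.quote(delete_body(criteria))}"

# Constructed sample input: the placeholder values used in the thread.
CRITERIA = [("message", "subdomain.main.tld"), ("host", "hostimportedon")]

if __name__ == "__main__":
    print(two_field_query(CRITERIA))
    print(curl_command("http://node1:9200", "logstash-2014.05.27", CRITERIA))
```

Printing the command instead of running it leaves room to check the index name and criteria before anything is deleted.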

