How to delete before 24 hours elasticsearch document

omid · February 7, 2018, 10:11am

hello
Im would delete before 24 hours elasticsearch document
And put this inside the cron
what is the query " delete before 24 hours elasticsearch document" ??

omid · February 7, 2018, 10:47am

my elk server received log from 4 nginx server,
I just want to keep logs 24 hours in advance,
And the rest of it will be erased

omid · February 7, 2018, 10:53am

curl -XDELETE 'http://localhost:9200/filebeat-2018.02.07/_query' -d '
{
  "query": {
    "filtered" : {
      "query" : {
        "term" : { "termName" : "termValue" }
      },
      "filter" : {
        "range" : { "@timestamp" : { "lt" : "now-30d" }}
      }
    }
  }
}'

Something like that

omid · February 8, 2018, 7:52am

Why does not someone answer?

dadoonet · February 8, 2018, 8:05am

Read this and specifically the "Also be patient" part.

dadoonet · February 8, 2018, 8:07am

Here is the documentation for the delete by query: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/docs-delete-by-query.html

omid · February 8, 2018, 2:20pm

Thankful
I solved the problem using this command

curator_cli --host 127.0.0.1 --timeout 300 --port 9200 --http_auth elastic:changeme delete_indices --filter_list '[{"filtertype":"age", "source":"name", "direction":"older", "unit":"days", "unit_count":1, "timestring":"%Y.%m.%d"}]'

I just want to put this command inside the cron or crontab ??

system · March 8, 2018, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.