How to delete logs from index which came from a particular IP?

Nikhil_Jaiswal · February 3, 2018, 10:25am

Hi folks,

I need to delete logs from elasticsearch which came from a particular IP, i ran below query in sense to delete those logs.

POST logstash-*/_delete_by_query
{
   "query": {
     "match_phrase": {
       "src_ip": "10.10.20.91"
     }
   }
}

and i got below output:

"deleted": 368,

But i am still able to see logs in kibana.

dadoonet · February 3, 2018, 10:54am

What is the output of:

GET logstash-*/_search
{
   "query": {
     "match_phrase": {
       "src_ip": "10.10.20.91"
     }
   }
}

Nikhil_Jaiswal · February 3, 2018, 11:10am

Output:

    {
 "took": 112,

   "timed_out": false,
   "_shards": {
      "total": 470,
      "successful": 220,
      "failed": 0
   },
   "hits": {
      "total": 0,
      "max_score": null,
      "hits": []
   }
}

dadoonet · February 3, 2018, 11:17am

Please format your code using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

Please edit your post. (I edited your first post but please edit your response)

You don't have any result anymore for this query. Could you check what is the query sent by kibana? I believe it's something different. May be post a screenshot of what Kibana is displaying?

system · March 3, 2018, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Delete documents in Elasticsearch from Logstash Logstash	2	183	April 26, 2023
Wipe logs according to timestamp Elasticsearch	3	683	September 19, 2017
Output from Wildcard Delete Elasticsearch	3	415	April 5, 2018
Delete by query using logstash Logstash	2	1038	January 1, 2018
ES delete logs between timestamp range Elasticsearch	3	435	March 11, 2019

How to delete logs from index which came from a particular IP?

Related topics