How to delete logs from index which came from a particular IP?

Nikhil_Jaiswal · February 3, 2018, 10:25am

Hi folks,

I need to delete logs from elasticsearch which came from a particular IP, i ran below query in sense to delete those logs.

POST logstash-*/_delete_by_query
{
   "query": {
     "match_phrase": {
       "src_ip": "10.10.20.91"
     }
   }
}

and i got below output:

"deleted": 368,

But i am still able to see logs in kibana.

dadoonet · February 3, 2018, 10:54am

What is the output of:

GET logstash-*/_search
{
   "query": {
     "match_phrase": {
       "src_ip": "10.10.20.91"
     }
   }
}

Nikhil_Jaiswal · February 3, 2018, 11:10am

Output:

    {
 "took": 112,

   "timed_out": false,
   "_shards": {
      "total": 470,
      "successful": 220,
      "failed": 0
   },
   "hits": {
      "total": 0,
      "max_score": null,
      "hits": []
   }
}

dadoonet · February 3, 2018, 11:17am

Please format your code using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

Please edit your post. (I edited your first post but please edit your response)

You don't have any result anymore for this query. Could you check what is the query sent by kibana? I believe it's something different. May be post a screenshot of what Kibana is displaying?

system · March 3, 2018, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.