Hello Guys,
I need to know how to get a specific key named source, it's inside the section _source.
First I executed command:
curl -XGET 'http://10.101.81.199:9200/graylog2_20/_search?pretty' -d '{
"query": { "match": {"source": "SERVER-1"}},
"_source": ["source"]}'
Output:
"_index" : "graylog2_20",
"_type" : "message",
"_id" : "9d8cfb12-605f-11e5-943e-005056a9199b",
"_score" : 3.0858476,
"_source":{"**source":"SERVER-1**"}
I need get the key source it's inside in "_source" to find every source with SERVER-1 and delete every key found.
Thank you.
Are you looking for the delete by query API?
Hi Magnus,
Yes but I can't find the way to delete by query api. I tried with some command, for example:
curl -XGET 'http://10.101.81.199:9200/graylog2_20/message/_query' -d '{
"query_string":{
"default_field" : "source",
"query": "SERVER-1"
}
}'
OUTPUT:
{"_index":"graylog2_20","_type":"messages","_id":"_query","found":false}
I can delete by ID but I have around 50G in data.....delete 1 at time by ID is crazy....
Thank you.
The documentation I linked to contains examples that are very close to what you need so I'm not sure what's unclear. Your command uses -XGET but you need -XDELETE. If you correct that it might actually work. Well, except that there appears to be something wrong with the query itself since it matches zero documents.
Hello Magnus, Sorry my mistake,
COMMAND:
curl -XDELETE 'http://10.101.81.199:9200/graylog2_0/message/_query?pretty' -d '{
"query_string":{
"default_field" : "source",
"query": "SERVER-1"
}
}'
OUTPUT:
"_indices" : {
"graylog2_0" : {
"_shards" : {
"total" : 1,
"successful" : 0,
"failed" : 1,
"failures" : [ {
"index" : "graylog2_0",
"shard" : 0,
"reason" : "QueryParsingException[[graylog2_0] request does not support [query_string]]"
} ]
The index has enable write/read.
Any idea why the request doesn't support?.
Thank you.
Its works!!, problem solved, Thank you Magnus.