Now that I have a search which shows all entries with grok parse failures, how would I go about deleting only those entries from Elasticsearch?
Use the delete by query API.
Also, there seem to be two fields for the original message, _source and message. Which one would be better to use for outputting to a file?
_source is the whole document, i.e. all fields. Depending on how your filters are (and were) set up you might get away with dumping just the message field, but that's impossible for me to say. It should be easy for you since you're familiar with your logging format and your Logstash filters.
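
The two steps discussed above (dump the message field to a file, then remove the failed events with delete by query), as an added example that is not part of the original thread. It assumes Logstash's default `_grokparsefailure` tag, a `logstash-*` index pattern and an unauthenticated local node; the function names and output file are hypothetical. Deletion targets only the document IDs that were actually exported, so events indexed in between are not lost.

```python
import json
import urllib.request

# Assumption (not from the thread): failed events carry Logstash's default tag.
QUERY = {"match": {"tags": "_grokparsefailure"}}

def http_post(url, body):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def export_then_delete(base, index, out_path, post=http_post, page=1000):
    """Write the message field of each failed event to out_path, then delete them."""
    total = post(f"{base}/{index}/_count", {"query": QUERY})["count"]
    if total > page:
        # One search page cannot hold everything; do not delete a partial export.
        raise RuntimeError(f"{total} matches exceed page size {page}")
    hits = post(f"{base}/{index}/_search",
                {"query": QUERY, "_source": ["message"], "size": page})["hits"]["hits"]
    with open(out_path, "w", encoding="utf-8") as fh:
        for hit in hits:
            fh.write(str(hit["_source"].get("message", "")) + "\n")
    # Delete exactly the exported documents, not whatever matches the tag now.
    ids = [hit["_id"] for hit in hits]
    result = post(f"{base}/{index}/_delete_by_query",
                  {"query": {"ids": {"values": ids}}})
    return {"exported": len(ids), "deleted": result["deleted"],
            "failures": result.get("failures", [])}

if __name__ == "__main__":
    # Assumed endpoint, index pattern and output file.
    print(export_then_delete("http://localhost:9200", "logstash-*", "grokfailures.log"))
```

If `deleted` is lower than `exported`, check `failures` and re-run the count before assuming the index is clean.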