Using the Curl Command

Didier · October 27, 2015, 8:58pm

Hello,

In order to validate that my log entries are being parsed correctly, I am running the following command:

Whenever a new entry is added, I see the "Hit" increment as expected. I have the following questions:

I seem to only see the details of 10 entries. Is there a way to modify the configuration in order to see ALL the entries in chronological order?
Is it normal that there is some kind of delay between the time that an entry is entered in Logstash and the time that you can see the entry using the curl command above?
What is the command to delete specific entries?
Is there a reason why I do not see any entries at all?

Thanks for all your assistance

magnusbaeck · October 27, 2015, 9:17pm

Yes, set the the size parameter in the query body. See https://www.elastic.co/guide/en/elasticsearch/reference/1.7/search-request-from-size.html.
Yes, documents are only available for queries after a refresh has taken place. Logstash indexes will (IIRC) be refreshed every five seconds by default.
Use the delete API to delete documents by id and the delete by query API to, well, delete documents based on a query (but note that it's deprecated).
That's impossible to answer with the information you've given us.

Topic		Replies	Views
Delete and Insert documents in elasticsearch from logstash Logstash	2	628	August 31, 2020
Delete several documents in elastic with logstash? Logstash	2	1087	September 27, 2018
Delete Old Log elastic search Logstash	4	30	July 18, 2024
Drop grok failures Logstash	10	1055	September 29, 2020
Not all log entries show up in the Elasticsearch indices Logstash	2	264	April 29, 2019