What is the best way to delete in elastic search and reparse an apache log file

elk_dni_1 · January 3, 2019, 6:46pm

path is available in ES records as one field(from where the record is got)

Deleting from Elastic search -

Currently I am doing this way -

curl -s -X POST http://localhost:9200/test-log-*/_delete_by_query?q=path:log1234

Reparse log file -

I have a logstash process running all the time, so

remove and copy the file in logstash path-

cd <logstash_path_dir>;rm log1234; cp <from_source> log1234

This works when I do delete and wait until it becomes zero records in ES and do reparse manually (only some times).
When ran as a script its not working ... Do I need to add more wait (sleep) in script for ES to flush the data?

Charles.w · January 3, 2019, 7:35pm

Hi elk_dni1,

What versions are you using ? How is configured your logstash input plugin ? What OS are you running logstash on ?

Best regards,

Charles Casadei.

elk_dni_1 · January 3, 2019, 7:37pm

Linux OS, ES 6.0.0.0

Input -

input {
file {
type => "abc"
path => "/app/xyz/es-data/app-logs-6/abc/*access*"
codec => plain { charset => "ISO-8859-1" }
exclude => "*.gz"
sincedb_path => "/app/xyz/es-data/metadata-6/sincedb/sincedb_qwert"
max_open_files => 10000
ignore_older => 0
}

To make it new inode, I am removing file and copying again, but still logstash is not picking...

system · January 31, 2019, 7:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reparse logs in elastic search Elasticsearch	9	4047	July 5, 2017
Failing to search after removing docs Elasticsearch	4	779	July 5, 2017
Help deleting data Logstash	8	429	May 2, 2018
Manually delete old logs/indices in ELK 7.3.0 Elasticsearch	6	4218	May 24, 2020
Delete Old Log Files in ES 2.3.4 Elasticsearch	2	1368	February 4, 2017

What is the best way to delete in elastic search and reparse an apache log file

Deleting from Elastic search -

Reparse log file -

Related topics