Wipe logs according to timestamp

hun · August 18, 2017, 8:39am

Hi All,

I have 2 elasticsearch nodes version 2.4.3 and I am trying to delete some logs that fall in a certain time range. When I search for the logs in the time range I specify, I get the following:

{
  "took" : 174,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 2498365,
    "max_score" : 1.0,

To get that I execute the following:

curl -XGET "http://elasticsearch_IP:9200/graylog_index/message/_search?pretty=true" -d '
{
   "query": {
        "range" : {
         "timestamp" : { "gt" : "2017-07-27 00:00:00.000", "lt" : "2017-07-29 00:00:00.000"}
     }
   }
}'

When deleting I am substituting "-XGET" with "-XDELETE" and "_search" with "_delete_by_query" and this returning not found:

{
  "found" : false,
  "_index" : "graylog_index",
  "_type" : "message",
  "_id" : "_delete_by_query",
  "_version" : 1,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  }
}

Knowing that I already installed the delete-by-query plugin and checked that it is there! Thanks in advance.

danielmitterdorfer · August 22, 2017, 1:08pm

Hi @hun,

it's a bit trappy but according to the docs you need to use -XPOST not -XDELETE. As we can see from the output at the bottom of your post, Elasticsearch tried to delete a document with the id _delete_by_querywith the request that you've sent.

Daniel

hun · August 22, 2017, 1:23pm

Hey Daniel,

Thanks for emphasising that, I already realised my mistake.

Cheers

system · September 19, 2017, 1:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.