Delete Logs from Graylog/Elasticsearch


I’m trying to delete certain logs from graylog/elasticsearch using a curl query string command with no luck. I know I need to use -XDELETE to remove the log I just what to read it first.

curl -GET ‘http://localhost:9200/graylog_26/message/_query’ -d ‘{“query”:{“query_string”:{“query”:“message:password AND identity:cc*”:"{}"}}}’


curl -GET ‘http://localhost:9200/graylog_26/message/_query’ -d ‘{“query”:{“query_string”:{“query”:“message:password AND identity:cc”:"{}"}}}’ curl -GET ‘http://localhost:9200/graylog_26/message/_query’ -d ‘{“query”:{“query_string”:{“query”:“message:password AND identity:cc”:"{}"}}}’ {“error”:{“root_cause”:[{“type”:“illegal_argument_exception”,“reason”:“request [/graylog_26/message/_query] contains unrecognized parameter: [â��{â��queryâ��:{â��query_stringâ��:{â��queryâ��:â��message:password]”}],“type”:“illegal_argument_exception”,“reason”:“request [/graylog_26/message/_query] contains unrecognized parameter: [â��{â��queryâ��:{â��query_stringâ��:{â��queryâ��:â��message:password]”},“status”:400}

(Philipp Ruland) #2

Heyo @lissaware,

little hint: The easy and fast way to get a correct and working query to elasticsearch is to run a query on the search or a stream in Graylog and then select show query from the more actions dropdown.

But you should not delete Gralog-managed data from Elasticsearch from outside Graylog. If you do, you’ll have to go to System -> Indices -> :The appropriate index-set: -> Recalculate index ranges. :slight_smile:


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.