Delete Messages in an Index

Dear All,
I need to delete a lot of messages in a particular index. I'm running the 3.1.4 appliance. Can I delete using a time range? (FROM: xxxx-xx-xx xx:xx:xx TO: xxxx-xx-xx xx:xx:xx)

Thanks

This is not possible from within Graylog itself.

Graylog can drop messages so they are never indexed within ES however, it does not allow you to delete specific messages once they have been indexed.

Yes … I suppose … but with Elasticsearch?

If you check the Elasticsearch documentation there will probably be something in there on deleting documents.

Yes, I checked but nothing with a time range … is it correct?

https://www.elastic.co/guide/en/elasticsearch/reference/6.8/docs-delete-by-query.html

A while back I had some duplicate data in Graylog which had to be removed. I wrote a small Python script to help me accomplish it, maybe it can be of use for you as well. It removes the data from ES and calls the Graylog API to optimize the index afterwards.

There might be some env specific things you need to adjust, but the gist can be found here: https://gist.github.com/hkraal/81cd5c69411b6eb1a9109ffe1ff204b8
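The following is an added example of the Elasticsearch delete-by-query approach the thread arrives at; it is not the script from the linked gist and not Graylog or Elasticsearch project code. It assumes an Elasticsearch 6.8 node reachable at `ES_URL` (placeholder), a Graylog-managed index name such as `graylog_0`, and that messages carry Graylog's `timestamp` field, which accepts the `yyyy-MM-dd HH:mm:ss` date format in a range query. It previews the match count before anything is removed, refuses an inverted time window, and then runs `_delete_by_query`. The gist's follow-up call to the Graylog API to optimize the index is not included here.

```python
"""Delete Graylog messages from an Elasticsearch index by time range.

Added example, not the gist linked above. Only the standard library is used.
Assumptions (adjust for your environment):
  - ES_URL points at an Elasticsearch 6.8 node (placeholder value below)
  - the index stores Graylog's `timestamp` field as a date
"""
import json
import sys
import urllib.request
from datetime import datetime
from urllib.parse import quote

ES_URL = "http://localhost:9200"          # assumed placeholder
TIMESTAMP_FIELD = "timestamp"             # Graylog's message timestamp field
ES_DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"    # Elasticsearch date-format string
PY_DATE_FORMAT = "%Y-%m-%d %H:%M:%S"      # same format, strptime syntax


def validate_window(start, end):
    """Parse both bounds and reject a window whose start lies after its end."""
    s = datetime.strptime(start, PY_DATE_FORMAT)
    e = datetime.strptime(end, PY_DATE_FORMAT)
    if s > e:
        raise ValueError("start must not be after end")
    return True


def build_range_query(start, end, field=TIMESTAMP_FIELD):
    """Query body selecting every document whose timestamp lies in [start, end]."""
    validate_window(start, end)
    return {
        "query": {
            "range": {
                field: {
                    "gte": start,
                    "lte": end,
                    "format": ES_DATE_FORMAT,
                }
            }
        }
    }


def _post_json(url, body):
    """POST a JSON body and decode the JSON reply (network call)."""
    data = json.dumps(body).encode("utf-8")
    req = urllib.request.Request(
        url, data=data, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def count_matches(index, start, end):
    """Preview step: how many documents the window selects. Deletes nothing."""
    result = _post_json(f"{ES_URL}/{quote(index)}/_count", build_range_query(start, end))
    return result["count"]


def delete_range(index, start, end):
    """Run _delete_by_query over the window and return the number of deleted docs.

    conflicts=proceed keeps going if a document changed during the scroll;
    refresh=true makes the result visible to a subsequent _count immediately.
    """
    url = f"{ES_URL}/{quote(index)}/_delete_by_query?conflicts=proceed&refresh=true"
    result = _post_json(url, build_range_query(start, end))
    return result.get("deleted", 0)


if __name__ == "__main__":
    # usage: python delete_range.py graylog_0 "2019-11-01 00:00:00" "2019-11-02 00:00:00" [--apply]
    if len(sys.argv) < 4:
        sys.exit("usage: delete_range.py INDEX START END [--apply]")
    index, start, end = sys.argv[1:4]
    n = count_matches(index, start, end)
    print(f"{n} documents in {index} between {start} and {end}")
    if "--apply" in sys.argv:
        print(f"deleted {delete_range(index, start, end)} documents")
    else:
        print("dry run only; re-run with --apply to delete")
```

Without `--apply` the script only reports the count, so the window can be checked against the expected volume before a deletion that cannot be undone. For very large windows Elasticsearch's delete-by-query also accepts `wait_for_completion=false`, which returns a task id that can be polled instead of holding the HTTP connection open.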


Thanks! I'll check this.
