Deleting all logs based on a specific application name in Graylog

“I want to delete all logs from the application_name:PMA.WS.OPCService.exe received in the last month in Graylog. I would appreciate your assistance in this matter. Have a good day.”

You will need to find the stream for those logs. Each stream has an index set associated, and there you will need to delete index sets.
Warning: you will also delete other data which is part of this index set!

@ahmetharis, if you store these logs in the same index as all your other logs, you cannot delete the logs you want from the Graylog interface. You can delete the entire index, but you will lose all other logs that are stored with it.

You can use the delete by query command to achieve what you want, but that operation is performed via CLI on the OpenSearch node, not in Graylog.

Elasticsearch works the same way if you are still using that. Just google delete by query elasticsearch and it will take you right to it.

Well, will I do this with an app, or is there another way? I’m asking how I can do this in OpenSearch?

You need a terminal connection. You will connect via CLI to the OpenSearch node and use the curl commands described to run the delete queries against OpenSearch.
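
The delete-by-query step described in the replies above, as an added example that is not part of the original thread. It counts the matching messages first and deletes only when asked to. Assumptions: the OpenSearch node answers on `http://localhost:9200` without authentication, the indices match `graylog_*`, `application_name` is stored as a keyword field, and `timestamp` is Graylog's date field; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: count, then delete, one application's Graylog messages in OpenSearch.
# Assumed (not from the thread): node URL, index pattern, keyword mapping, no auth.
OS_URL="${OS_URL:-http://localhost:9200}"
INDEX_PATTERN="${INDEX_PATTERN:-graylog_*}"

# Escape backslashes and double quotes so a value cannot break out of its JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the query body shared by _count and _delete_by_query.
# $1 = application_name value, $2 = date-math lower bound (default: last month).
build_query() {
  bq_app=$(json_escape "$1")
  bq_since=$(json_escape "${2:-now-1M}")
  printf '{"query":{"bool":{"filter":[{"term":{"application_name":"%s"}},{"range":{"timestamp":{"gte":"%s"}}}]}}}' \
    "$bq_app" "$bq_since"
}

# POST a query body ($2) to an endpoint ($1) under the index pattern.
os_post() {
  curl -sS -X POST "$OS_URL/$INDEX_PATTERN/$1" \
    -H 'Content-Type: application/json' -d "$2"
}

# Usage: script.sh count|delete <application_name> [since]
main() {
  body=$(build_query "$2" "$3")
  case "$1" in
    # Dry run: how many documents the delete would remove.
    count)  os_post '_count' "$body" ;;
    # conflicts=proceed keeps going if a document changes during the run.
    delete) os_post '_delete_by_query?conflicts=proceed' "$body" ;;
    *) echo "usage: $0 count|delete <application_name> [since]" >&2; return 2 ;;
  esac
}

# Run only when arguments are given, so loading the file has no side effects.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Run it with `count PMA.WS.OPCService.exe` first and compare the number with what a Graylog search for the same field and time range returns before running `delete`.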
