How I delete some event?

Hi!!!
I have a question, do you known the way of delete or remove some event
I mean that can do remove the Index but I don’t want to do that, only one or some events.

Could you help me, please?

Regards

Hi @santi

You can create a pipeline rule and utilise the drop_message() function to do this.

Something similar to the below should help you achieve when you’re looking for:

rule "Delete Some Message"
when
    <Match Conditions>
then
    drop_message();
end

In graylog it is not possible to make ‘connection’ between messages, so it can’t recognize it is a duplicated message.
In Graylog you can’t remove stored message, you can drop message at processing time.
In elasticsearch you can delete messages.

Do you know sample example for elasticsearch, please?

Yes Poner, I always know this way for drop but i need remove events old.

Thank yo for reply me (to both)

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.