Purge logs according to timestamp

hun · August 17, 2017, 8:37am

I am trying to wipe some logs from one of my graylog indices using curl. When I execute get I get all my logs, but when trying to delete them I get “found”:false
Here’s my get:

curl -XGET "http://graylog.example.com:9200/graylog_index/message/_search" -d '
{
  "query" : {
    "range" : {
        "timestamp" : { "gte" : "2017-07-27 00:00:00.000", "lt" : "2017-07-29 00:00:00.000||+1M"}
    }
  }
}'

and it is working, but substituting -XGET with -XDELETE and _search with query is returning the following:

{"found":false,"_index":"graylog_index","_type":"message","_id":"_query","_version":1,"_shards":{"total":1,"successful":1,"failed":0}}

Thanks in advance.

jochen · August 21, 2017, 2:01pm

You need to install the Delete by Query plugin if you want to delete documents from Elasticsearch defined by a query.

system · September 4, 2017, 2:01pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Delete Logs from Graylog/Elasticsearch Graylog Central (peer support)	2	5079	September 24, 2018
Delete Logs (GUI) Graylog Central (peer support)	2	498	May 6, 2020
Delete a single message from graylog Graylog Central (peer support) elastic	3	523	September 25, 2023
Deleting logs from graylog/elasticsearch (a howto) Graylog Central (peer support)	1	20015	September 14, 2017
[0.9.6] Deleted Logs, Home Page now says: Sorry, Something went wrong Graylog Central (peer support)	9	938	November 29, 2017

Purge logs according to timestamp

Related topics