While creating a new log to watch, I ended up with a lot of data that I didn’t want, and then, as I was mucking around with it, I duplicated it all but with the revised data (fewer but better-named fields). Grrr. I was looking for some deduplication, and there is an excellent post here about that. As I thought about it more, I realized I just needed to delete the old data that had specific fields and data. With a little hunting and a little cobbling, I came up with a curl command that would do it:
curl -X POST "<MyElastiSrv>:9200/<indexName>/_delete_by_query?pretty" -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "<fieldName>": "<FieldData>"
          }
        },
        {
          "exists": {
            "field": "<FieldName>"
          }
        }
      ]
    }
  }
}
'
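A guarded variant of the command above, as an added example that is not from the original post: it sends the same bool/must query to `_count` first and calls `_delete_by_query` only when the number of matches equals what you expect. `ES_URL` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). ES_URL and all function
# names are assumptions; nothing runs until you call delete_if_expected.
ES_URL="${ES_URL:-http://localhost:9200}"

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the post's query: match on one field AND require another field to exist.
# Args: match_field match_value exists_field
build_query() {
  printf '{"query":{"bool":{"must":[{"match":{"%s":"%s"}},{"exists":{"field":"%s"}}]}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Pull the integer out of a _count response read from stdin.
extract_count() {
  sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Ask _count how many documents the query matches.
# Args: index match_field match_value exists_field
count_matching() {
  curl -sS -X POST "$ES_URL/$1/_count" -H 'Content-Type: application/json' \
    -d "$(build_query "$2" "$3" "$4")" | extract_count
}

# Delete only when the live match count equals the expected number.
# Args: index match_field match_value exists_field expected_count
delete_if_expected() {
  found=$(count_matching "$1" "$2" "$3" "$4")
  if [ "$found" != "$5" ]; then
    echo "refusing: query matches ${found:-?} docs, expected $5" >&2
    return 2
  fi
  curl -sS -X POST "$ES_URL/$1/_delete_by_query?pretty" \
    -H 'Content-Type: application/json' -d "$(build_query "$2" "$3" "$4")"
}
```

If the count request fails or returns something unexpected, `found` is empty and the delete is refused rather than attempted.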
Once you are done, you need to make sure you re-calc the index ranges: