Hi, please provide the exact query you're sending to Elasticsearch and the response you receive.
Also make sure, that the delete-by-query plugin is installed in your Elasticsearch nodes: https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/plugins-delete-by-query.html Cheers, Jochen On Tuesday, 20 September 2016 18:20:39 UTC+2, [email protected] wrote: > > Is it possible in graylog 2.1.1 deleting all messages from a specific host: > > I found this, but it seems that graylog2 is not accepting wildcard in the > query... > > curl -XDELETE 'http://syslog.contoso.local:9200/graylog2_*/message/_query' > -d ' { "query_string" : { "default_field" : "host", "query" : "hostname:" } > }' > > Help on that would be highly appreciated... Thanks in advance many times!! > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c0af6ed2-933a-43db-ba24-d447e5e788b9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
