[graylog2] Re: Is it possible to delete logs in Graylog 2.0 based on source?

Mon, 14 Nov 2016 11:17:23 -0800 

Say, I am attempting to use the delete-by-query plugin to prune a small 
selection of messages. I'm using the Sense plugin for Kibana to find the 
messages I want to delete (I have a handful of messages in 3 indices from 
back in June with timestamps of say 0001-01-01 05:50:36.000. So literally 
every search in Graylog includes these 3 indices because they have invalid 
date ranges. I'm not sure if I am getting caught up on the syntax, or if 
something else is preventing me from deleting these messages. I first tried 
specifying a single message using the _id as reference, and it appears that 
it finds the message in question, but fails to delete. Is my syntax wrong, 
or am I running in to something else?  Index graylog_53 is open and 
health/green.

curl -XDELETE 
localhost:9200/graylog_53/_query?q=_id:d3a2c789-2ea9-11e6-9f65-1c98ec2a9454

and the result is:

{
  "took": 0,
  "timed_out": false,
  "_indices": {
    "_all": {
      "found": 1,
      "deleted": 0,
      "missing": 0,
      "failed": 1
    },
    "graylog_53": {
      "found": 1,
      "deleted": 0,
      "missing": 0,
      "failed": 1
    }
  },
  "failures": []
}



Thanks,

John



On Wednesday, October 19, 2016 at 8:15:57 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Anant,
>
> On Wednesday, 19 October 2016 14:43:39 UTC+2, Anant Sawant wrote:
>>
>> I would like delete logs of system A for a particular date.
>>
>> So is it possible to know in which indices the logs from System A are 
>> stored and remove those particular indices/logs on a particular date?
>>
>
> That's not possible with Graylog directly but you can remove these 
> messages from Elasticsearch using the delete-by-query API: 
> https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/plugins-delete-by-query.html
>
> Cheers,
> Jochen
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/73b6b139-43c1-4c08-96a0-8fca96aa19f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to