Curl User
Reputation: 115
Elasticsearch - Remove old source in GrayLog2
Firstly I have to say im newbie at curl so Im asking here
I have some sources in GrayLog2: https://i.sstatic.net/xkelZ.jpg
and want remove them all
Used curl to delete "12:00:02:" source
curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query' -d ' {"query_string" : { "default_field" : "host", "query" : "12:00:02:" } }'
but got failture
{"_indices":{"graylog2_0":{"_shards":{"total":1,"successful":0,"failed":1,"failures":[{"index":"graylog2_0","shard":0,"reason":"QueryParsingException[[graylog2_0] request does not support [query_string]]"}]}}}}
Anyone can help me with properly curl command ?
Upvotes: 0
Views: 4105
Answers (1)
Val
Reputation: 217334
You're just missing the first query keyword. Change your query to this
curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query' -d ' {"query": {"query_string" : { "default_field" : "host", "query" : "12:00:02:" } } }'
^
|
this was missing
Also you can use this equivalent query
curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query?q=host:"12:00:02:"'
But if you want to delete them all you can also use this query
curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query?q=host:*'
Upvotes: 1
Related Questions
- Removing Data From ElasticSearch
- Remove or delete old data from elastic search
- Removing old indices in elasticsearch
- How to Update Graylog version in docker
- How to manually purge data from Graylog 2.1
- Delete a specific log message from Graylog
- How do I monitor elasticsearch's logs using Graylog?
- How to delete all log data from ElasticSearch using curl?
- Graylog2 - Startup fail. Address already in use
- elasticsearch ttl force delete old messages