Scrub messages from ElasticSearch

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
vAJ
Posts: 456
Joined: Thu Nov 08, 2012 5:09 pm
Location: Austin, TX

Scrub messages from ElasticSearch

Post by vAJ »

Is there anyway post ingestion that we can groom certain messages out of the indexes without dropping them?

I've been able to identify a few message types that I now have a drop filter on, but that won't help me for messages already received and taking up space.

-Andrew
Andrew J. - Do you even grok?
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Scrub messages from ElasticSearch

Post by tmcdonald »

It's possible on the backend but not from the web interface as far as I know:

http://www.elasticsearch.org/guide/en/e ... e-doc.html
http://www.elasticsearch.org/guide/en/e ... elete.html
Former Nagios employee
Top
vAJ
Posts: 456
Joined: Thu Nov 08, 2012 5:09 pm
Location: Austin, TX

Re: Scrub messages from ElasticSearch

Post by vAJ »

Ok. Since we're only doing 14 day retention right now, I'm just going to let them expire. ;)
Andrew J. - Do you even grok?
Top
cmerchant
Posts: 546
Joined: Wed Sep 24, 2014 11:19 am

Re: Scrub messages from ElasticSearch

Post by cmerchant »

That is an easy workaround. We'll go ahead and close the thread. Thanks.
Top
Locked

Return to “Nagios Log Server”