The Query in the GUI looks to be a good filter.
24hrs has = 262300014 hits
Code: Select all
curl -XDELETE 'http://localhost:9200/logstash-*/_query?q=SourceName="Microsoft-Windows-Security-Auditing"'Cheers
deleting specific log events
deleting specific log events
Would this be correct syntax to delete all SourceName fields that contain "Microsoft-Windows-Security-Auditing"?
The Query in the GUI looks to be a good filter.
24hrs has = 262300014 hits
Cheers
The Query in the GUI looks to be a good filter.
24hrs has = 262300014 hits
Cheers
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: deleting specific log events
Deleting by query isn't natively available in this verison of ES
You have to add it via plugin
https://www.elastic.co/guide/en/elastic ... query.html
then your query should work.
******NOTE******, this obviously is a destructive query, make sure you have a backup of all pertinent data before running in-case something goes wrong.
You have to add it via plugin
https://www.elastic.co/guide/en/elastic ... query.html
Code: Select all
cd /usr/local/nagioslogserver/elasticsearch/
sudo bin/plugin --install delete-by-query -u https://download.elastic.co/elasticsearch/release/org/elasticsearch/plugin/delete-by-query/2.4.6/delete-by-query-2.4.6.zip
systemctl restart elasticsearch******NOTE******, this obviously is a destructive query, make sure you have a backup of all pertinent data before running in-case something goes wrong.