Page 1 of 1
Deleting host
Posted: Wed Jul 17, 2019 10:42 am
by carobell
To test if the log server was working I added the nagios server as a host, now I get all my logs for the localhost in double and can't figure out how to delete the double.
I used the scripts to install so everything is as the "default" installation scripts are configured.
Any help would be greatly appreciated.
Re: Deleting host
Posted: Wed Jul 17, 2019 11:08 am
by scottwilkerson
the following should remove it
Code: Select all
rm -f /etc/rsyslog.d/99-nagioslogserver.conf
systemctl restart rsyslog
Re: Deleting host
Posted: Wed Jul 17, 2019 12:06 pm
by carobell
That seems to have taken care of it!
Unsurprisingly the old logs are still available, is there a way to only delete the logs of that one server ?
EDIT: I figured that, in my case, since I just started I would simply edit the "Snapshots & Maintenance" option "Delete indexes older than" to 1 so that I will simply have to wait until tomorrow for the unwanted logs to be deleted and reset the delete option afterwards.
Re: Deleting host
Posted: Wed Jul 17, 2019 3:23 pm
by cdienger
Another option would be to run a query like this:
Code: Select all
curl -XDELETE 'http://localhost:9200/logstash-*/_query?q=host:IP'
Where IP is the IP address of the host the records came from.
Re: Deleting host
Posted: Thu Jul 18, 2019 7:27 am
by carobell
Thank you!
There's a
missing at the end
Re: Deleting host
Posted: Thu Jul 18, 2019 2:40 pm
by cdienger
Corrected. Thanks!