Hello Jochen, 

I ran the command again:

curl -XDELETE 'http://10.101.81.199:9200/graylog2_0/message/_query?pretty' -d '{
 "query_string":{
 "default_field" : "source",
 "query": "SERVER-1"
 }
 }'


The OUTPUT is:
 "_indices" : {
    "graylog2_0" : {
      "_shards" : {
        "total" : 1,
        "successful" : 0,
        "failed" : 1,
        "failures" : [ {
          "index" : "graylog2_0",
          "shard" : 0,
          "reason" : "QueryParsingException[[graylog2_0] request does not support [query_string]]"
        } ]


Request doesn't support?

Thank you.



On Thursday, October 1, 2015 at 2:48:47 PM UTC-3, Jochen Schalanda wrote:
>
> Hi Juan,
>
> you pretty much only have to replace your last GET request with a DELETE 
> request, see 
> https://www.elastic.co/guide/en/elasticsearch/reference/1.7/docs-delete-by-query.html
>  
> for reference and Jean-Luc's last post for an example.
>
>
> Cheers,
> Jochen
>
> On Thursday, 1 October 2015 16:56:31 UTC+2, Juan Andres Ramirez wrote:
>>
>> Hello,
>> I'm opening this old thread because I have the same problem.
>> I used the same command to delete every message with source as target.
>> For example:
>>  
>>  curl -XGET 'http://10.101.81.199:9200/graylog2_20/message/_search?pretty'
>>
>> My output is :
>>
>>  {
>>       "_index" : "graylog2_20",
>>       "_type" : "message",
>>       "_id" : "9d8cd406-605f-11e5-943e-005056a9199b",
>>       "_score" : 1.0,
>>       "_source":{"gl2_source_node":"297d10be-8e9e-4021-9ab6-deedd27202ce"
>> ,"s-ip":"10.101.250.209","time-taken":73,"csUser-Agent":
>> "Jakarta+Commons-HttpClient/3.1","EventReceivedTime":"2015-09-21 
>> 08:54:28","date":"2015-09-21","request_time":"12:54:24","version":"1.1",
>> "s-port":443,"timestamp":"2015-09-21 12:54:28.000","SourceModuleName":
>> "iis","time":"12:54:24","level":6,"_id":
>> "9d8cd406-605f-11e5-943e-005056a9199b","gl2_source_input":
>> "5585b15184ae398b735b8d36","c-ip":"64.145.75.146","SourceModuleType":
>> "im_file","full_message":"2015-09-21 12:54:24 10.101.250.209 GET 
>> /p1/clients/6035757/populationData Jakarta+Commons-HttpClient/3.1 200 0 0 
>> 73","cs-uri-stem":"/p1/clients/6035757/populationData","sc-win32-status":
>> 0,"cs-method":"GET","message":"2015-09-21 12:54:24 10.101.250.209 GET 
>> /p1/clients/6035757/popul","sc-status":"200","SourceName":"IIS",
>> "sc-substatus":0,*"source":"SERVER-1"*,"streams":[]}
>>
>>
>> So I want to delete every input with source: SERVER-1 in index 
>> graylog2_20.
>>
>> I tried with the following command but the output is null, I'm testing 
>> with XGET.
>>
>> # curl -XGET 'http://10.101.81.199:9200/graylog2_20/messages/_query' -d '{
>> "query_string": {
>> "default_field" : "source",
>> "query": "SERVER-1"}}'
>>
>>
>> Output:
>> {"_index":"graylog2_20","_type":"messages","_id":"_query","found":false}
>>
>> Does someone know how to delete by source?
>>
>> Thank you.
>>
>>
>>
>> On Thursday, January 16, 2014 at 6:26:40 AM UTC-3, Jean-Luc Bassereau 
>> wrote:
>>>
>>> That looks something like this for me :
>>>
>>> curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query' -d ' { 
>>> "query_string" : { "default_field" : "host", "query" : "HOSTNAME" } }'
>>>
>>
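
Added example, not part of the original thread: in Elasticsearch 1.x (the version of the reference linked above) the delete-by-query body has to carry the query_string clause under a top-level "query" key, and sending it bare produces the "request does not support [query_string]" failure shown above. The function names, the CONFIRM switch and the _count preview step are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: preview, then delete, Graylog messages by source field.

# JSON-escape backslashes and double quotes in a string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the request body. The query_string clause sits under a
# top-level "query" key, as the 1.x delete-by-query API expects.
es_body() {  # args: field value
    printf '{"query":{"query_string":{"default_field":"%s","query":"%s"}}}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Build the endpoint URL: _count to preview, _query to delete.
# The type is "message" (singular), as in the _search output above.
es_url() {  # args: base index action
    printf '%s/%s/message/%s' "$1" "$2" "$3"
}

# Show how many documents match; delete them only when CONFIRM=yes.
es_delete_by_source() {  # args: base index source
    body=$(es_body source "$3")
    curl -s -XGET "$(es_url "$1" "$2" _count)?pretty" -d "$body" || return 1
    if [ "${CONFIRM:-no}" = yes ]; then
        curl -s -XDELETE "$(es_url "$1" "$2" _query)?pretty" -d "$body"
    else
        echo "dry run: set CONFIRM=yes to delete" >&2
    fi
}

# Usage:
#   es_delete_by_source http://10.101.81.199:9200 graylog2_0 SERVER-1
#   CONFIRM=yes es_delete_by_source http://10.101.81.199:9200 graylog2_0 SERVER-1
```

Run it without CONFIRM first and check the reported count before deleting, since delete-by-query cannot be undone.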
