Hi Steve, please refer to https://www.elastic.co/guide/en/elasticsearch/guide/1.x/query-dsl-intro.html for an introduction to the Elasticsearch Query DSL.
Keep in mind, that the "message" field is not the query you'd enter in the Graylog web interface. For example there is a separate "level" field in the messages you've indexed you can query for. Cheers, Jochen On Wednesday, 16 March 2016 12:02:45 UTC+1, Steve Miller wrote: > > Hello > > I try to delete data by "Delete by Query API" but i have a problem with > the right syntax. Before i can delete data, i will try it with GET data. > > /usr/bin/curl -X GET " > http://admin:[email protected]:9200/graylog2_*/message/_query"; > -d'{"query" : {"match": { "message" : "level==7"}}}' > > I want see all records with the Log-Level 7. Not works. > > If it works, then i want delete all message there older as 1 week > ("created at") AND level=7 > and then i want run every day a cron. > > Thank you very much > > cheers > Steve > > > Am Montag, 14. März 2016 10:00:42 UTC+1 schrieb Steve Miller: >> >> Hello >> >> Is it possible to delete all message from Graylog/Elasticsearch with >> syslog level 7? Purhaps with a cron job. >> We have many debug messages in our Graylog, and so i'm looking for a way >> how can remove all this debug messages. >> >> regards >> Steve >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3afc16a3-a3a9-450d-814a-75e0c9b8af5f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
