Hi Steve, your query is incorrect.
Please refer to the documentation of the Elasticsearch Delete By Query API I've already linked to: https://www.elastic.co/guide/en/elasticsearch/reference/1.7/docs-delete-by-query.html Cheers, Jochen On Tuesday, 22 March 2016 08:50:50 UTC+1, Steve Miller wrote: > > Hello > > Thank you very much, but i have problems. > > I have 4 indices > > - graylog2_4 > - graylog2_3 > - graylog2_2 > > Then i run this script for each indices > > #!/bin/bash > curl -XPUT 'http://192.168.10.15:9200/graylog2_2/_settings' -d ' > { > "index" : { > "blocks": { > "write": false > > } > } > }' > > After that i try to delete messages with this script. > > #!/bin/sh > SDATE=`date +"%F %H:%M:%S.000" --date="30 days ago"` > > RANGE='{ > "query": { > "query_string": { > "query": "level:7" > } > }, > "post_filter": { > "bool": { > "must": { > "range": { > "created at": { > "lt": "'${SDATE}'" > } > } > } > } > } > }' > RANGE=`echo $RANGE | sed "s/SDATE/${SDATE}/"` > /usr/bin/curl -H "Content-Type: application/json" -X DELETE " > http://192.168.10.15:9200/graylog2_*/_search?pretty=true"; -d "${RANGE}" > echo $RANGE > > but it's not works, i have this error > > "error" : "TypeMissingException[[_all] type[[_search]] missing: No index > has the type.]", > "status" : 404 > > Is something wrong in my script or is it a problem with the ElasticSearch? > > Thank you very much for the help. > > cheers > Steve > > > > Am Montag, 21. März 2016 18:29:19 UTC+1 schrieb Jochen Schalanda: >> >> Hi Steve, >> >> Graylog blocks writes to rotated indices to prevent accidental >> modifications. >> >> You can remove the write block by setting index.blocks.write to false, >> see >> https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-update-settings.html >> >> for details. >> >> >> Cheers, >> Jochen >> >> On Monday, 21 March 2016 15:52:56 UTC+1, Steve Miller wrote: >>> >>> Hello >>> >>> Thank you very much! I have now my query but when i try to delete >>> something, then i have this error. >>> >>> "error" : "ClusterBlockException[blocked by: [FORBIDDEN/8/index write >>> (api)];]", >>> "status" : 403 >>> >>> The query with "-x get" works, but "x- delete" with the error. >>> >>> cheers >>> Steve >>> >>> >>> Am Montag, 14. März 2016 10:00:42 UTC+1 schrieb Steve Miller: >>>> >>>> Hello >>>> >>>> Is it possible to delete all message from Graylog/Elasticsearch with >>>> syslog level 7? Purhaps with a cron job. >>>> We have many debug messages in our Graylog, and so i'm looking for a >>>> way how can remove all this debug messages. >>>> >>>> regards >>>> Steve >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/952d5228-e5a2-425e-bf3c-8d78c20af8bb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
