Hi Marvin,

delete-by-query has been moved into a separate Elasticsearch plugin, which you need to install first (at least with Graylog 2.x and Elasticsearch 2.x): https://www.elastic.co/guide/en/elasticsearch/plugins/2.3/delete-by-query-usage.html

Other than that, you can use wildcards in the index name, e.g. "graylog_*". Take a look at your elasticsearch_index_prefix <https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L195-L196> configuration setting.

Cheers,
Jochen

On Thursday, 11 August 2016 17:03:42 UTC+2, Marvin Popyk wrote:
>
> Hello,
>
> I'm trying to delete a source in Graylog2. I'm using the following
> command:
>
> curl -XDELETE 'http://graylog:9200/graylog/message/_query?q=host
> :"source_name:"'
>
> and I'm getting the following error:
>
> {"found":false,"_index":"graylog","_type":"message","_id":"_query","_version":1,"_shards":{"total":2,"successful":1,"failed":0}}
>
> and it's not deleting the source. It looks like the index name is wrong
> but I'm not sure where to find the name of the index.
>
> Any help would be appreciated.
>
> Thanks
