Hi Peter, try using "_all" instead of "graylog2_*" as index name.
Cheers, Jochen On Tuesday, 4 October 2016 06:23:18 UTC+2, [email protected] wrote: > > Hi, > > The delete-by-query plugin is installed and I'm using: > > curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query' -d ' { > "query_string" : { "default_field" : "host", "query" : "mail_logs:" } }' > > But it is not accepting the wildcard when issuing the command... > > Thanks in advance, > > Peter > > On Tuesday, September 20, 2016 at 11:35:05 PM UTC+2, Jochen Schalanda > wrote: >> >> Hi, >> >> please provide the exact query you're sending to Elasticsearch and the >> response you receive. >> >> Also make sure, that the delete-by-query plugin is installed in your >> Elasticsearch nodes: >> https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/plugins-delete-by-query.html >> >> Cheers, >> Jochen >> >> On Tuesday, 20 September 2016 18:20:39 UTC+2, [email protected] wrote: >>> >>> Is it possible in graylog 2.1.1 deleting all messages from a specific >>> host: >>> >>> I found this, but it seems that graylog2 is not accepting wildcard in >>> the query... >>> >>> curl -XDELETE ' >>> http://syslog.contoso.local:9200/graylog2_*/message/_query' -d ' { >>> "query_string" : { "default_field" : "host", "query" : "hostname:" } }' >>> >>> Help on that would be highly appreciated... Thanks in advance many >>> times!! >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1e9c6180-7799-4bb3-b1de-1327653dc635%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
