I imported a LOT of Apache logs the other day. Via Logstash. 'Course, I messed up and didn't set the timestamp correctly. Now that I've figured out how to set the timestamp correctly, I want to remove the logs I imported.
For the life of me I can't figure it out. I've been looking at http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/docs-delete-by-query.html#docs-delete-by-query (Yes, I'm running 0.90.9) to figure out what to do, but I'm obviously missing something....

This is what I've tried so far:

    curl -XDELETE 'http://node01.domain.tld:9200/logstash-2014.05.27/_query' -d '{
      "query": {
        "filtered" : {
          "query" : {
            "query_string" : {
              "query" : "message:\"*subdomain.main.tld*\" AND
                         host:\"hostimportedon\""
            }
          }
        }
      }
    }
    '

The results:

    {"ok":true,"_indices":{"logstash-2014.05.27":{"_shards":{"total":5,"successful":0,"failed":5}}}}

So, how would I delete something based on two criteria? The host field matches "hostimportedon" and the message field has "subdomain.main.tld" in it.

I have a total of 4 elasticsearch nodes.

Thanks!