Hi, please provide the exact query you're sending to Elasticsearch and the response you receive.
Also make sure, that the delete-by-query plugin is installed in your Elasticsearch nodes: https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/plugins-delete-by-query.html Cheers, Jochen On Tuesday, 20 September 2016 18:20:39 UTC+2, pm.scho...@gmail.com wrote: > > Is it possible in graylog 2.1.1 deleting all messages from a specific host: > > I found this, but it seems that graylog2 is not accepting wildcard in the > query... > > curl -XDELETE 'http://syslog.contoso.local:9200/graylog2_*/message/_query' > -d ' { "query_string" : { "default_field" : "host", "query" : "hostname:" } > }' > > Help on that would be highly appreciated... Thanks in advance many times!! > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c0af6ed2-933a-43db-ba24-d447e5e788b9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.