[graylog2] Re: Is it possible to delete logs in Graylog 2.0 based on source?

2016-11-14 Thread John Buchanan
Say, I am attempting to use the delete-by-query plugin to prune a small
selection of messages. I'm using the Sense plugin for Kibana to find the
messages I want to delete (I have a handful of messages in 3 indices from
back in June with timestamps of say 0001-01-01 05:50:36.000). So literally
every search in Graylog includes these 3 indices because they have invalid
date ranges. I'm not sure if I am getting caught up on the syntax, or if
something else is preventing me from deleting these messages. I first tried
specifying a single message using the _id as reference, and it appears that
it finds the message in question, but fails to delete. Is my syntax wrong,
or am I running into something else?  Index graylog_53 is open and
health/green.

curl -XDELETE localhost:9200/graylog_53/_query?q=_id:d3a2c789-2ea9-11e6-9f65-1c98ec2a9454

and the result is:

{
  "took": 0,
  "timed_out": false,
  "_indices": {
    "_all": {
      "found": 1,
      "deleted": 0,
      "missing": 0,
      "failed": 1
    },
    "graylog_53": {
      "found": 1,
      "deleted": 0,
      "missing": 0,
      "failed": 1
    }
  },
  "failures": []
}



Thanks,

John



On Wednesday, October 19, 2016 at 8:15:57 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Anant,
>
> On Wednesday, 19 October 2016 14:43:39 UTC+2, Anant Sawant wrote:
>>
>> I would like to delete logs of system A for a particular date.
>>
>> So is it possible to know in which indices the logs from System A are 
>> stored and remove those particular indices/logs on a particular date?
>>
>
> That's not possible with Graylog directly but you can remove these 
> messages from Elasticsearch using the delete-by-query API: 
> https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/plugins-delete-by-query.html
>
> Cheers,
> Jochen
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/73b6b139-43c1-4c08-96a0-8fca96aa19f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Is it possible to delete logs in Graylog 2.0 based on source?

2016-10-19 Thread Jochen Schalanda
Hi Anant,

On Wednesday, 19 October 2016 14:43:39 UTC+2, Anant Sawant wrote:
>
> I would like to delete logs of system A for a particular date.
>
> So is it possible to know in which indices the logs from System A are 
> stored and remove those particular indices/logs on a particular date?
>

That's not possible with Graylog directly but you can remove these messages
from Elasticsearch using the delete-by-query API:
https://www.elastic.co/guide/en/elasticsearch/plugins/2.4/plugins-delete-by-query.html

Cheers,
Jochen
