
Elasticsearch - Remove old source in GrayLog2

Firstly, I have to say I'm a newbie at curl, so I'm asking here.

I have some sources in GrayLog2:

and want to remove them all.

I used curl to delete the "12:00:02:" source:

    curl -XDELETE '*/message/_query' -d ' {"query_string" : { "default_field" : "host", "query" : "12:00:02:" } }'

but got a failure:

    {"_indices":{"graylog2_0":{"_shards":{"total":1,"successful":0,"failed":1,"failures":[{"index":"graylog2_0","shard":0,"reason":"QueryParsingException[[graylog2_0] request does not support [query_string]]"}]}}}}

Can anyone help me with a proper curl command?


  • You're just missing the first query keyword. Change your query to this

    curl -XDELETE '*/message/_query' -d ' {"query": {"query_string" : { "default_field" : "host", "query" : "12:00:02:" } } }'
                                           ^^^^^^^^ this was missing

    Also you can use this equivalent query

    curl -XDELETE '*/message/_query?q=host:"12:00:02:"'

    But if you want to delete them all you can also use this query

    curl -XDELETE '*/message/_query?q=host:*'
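
As an added example (not part of the original question or answer), the sketch below builds the delete-by-query body with the top-level `query` key in place and backslash-escapes characters that are reserved in `query_string` syntax, such as the colons in `12:00:02:`, so the value is matched literally. The function names and the base URL `http://localhost:9200/graylog2_0` are assumptions made for illustration; the escape set follows Lucene's query parser.

```python
import json
import re
import shlex

# Characters that Lucene's query parser treats as syntax; each one is
# backslash-escaped so a host value is matched as a literal string.
_RESERVED = re.compile(r'([+\-!(){}\[\]^"~*?:\\/|&])')


def escape_query_string(value):
    """Escape reserved query_string characters in a literal value."""
    return _RESERVED.sub(r"\\\1", value)


def delete_by_query_body(field, value):
    """Return the request body, wrapped in the top-level "query" key."""
    if not value.strip():
        # An empty query string is never a deliberate delete target.
        raise ValueError("refusing to build a delete for an empty value")
    return {
        "query": {
            "query_string": {
                "default_field": field,
                "query": escape_query_string(value),
            }
        }
    }


def curl_command(base_url, field, value):
    """Render the equivalent curl call with shell-safe quoting."""
    body = json.dumps(delete_by_query_body(field, value))
    url = base_url.rstrip("/") + "/message/_query"
    return "curl -XDELETE %s -d %s" % (shlex.quote(url), shlex.quote(body))


if __name__ == "__main__":
    # Constructed sample: base URL is a placeholder, host value is from the page.
    print(curl_command("http://localhost:9200/graylog2_0", "host", "12:00:02:"))
```
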