1

I am trying to delete some part of data in the elasticsearch index using curl. I am trying to delete it based on the timestamp query(like to purge the data from certain time). I have tried the below query but its deleting the complete data in the index.

curl -XDELETE 'http://beepal1.tms.toyota.com:9200/logstash-sys_timestamp' -d '
{
  "query": 
  {
    "range": 
                {
      "@timestamp": 
                  { 
                  "gte": "2016-05-27T07:00:00.000Z",
                  "lte": "2016-05-28T06:59:59.999Z"
      }
    }
  }
}'

I don't know where I am going wrong.

Thanks in advance

Improve this question

1 Answer 1

Reset to default
2

You need to install the delete by query plugin first and then you can run this:

curl -XDELETE 'http://beepal1.tms.toyota.com:9200/logstash-sys_timestamp/_query' -d '
{
  "query": 
  {
    "range": 
                {
      "@timestamp": 
                  { 
                  "gte": "2016-05-27T07:00:00.000Z",
                  "lte": "2016-05-28T06:59:59.999Z"
      }
    }
  }
}'
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I am getting this message but the data didn't get deleted. {"took":200,"timed_out":false,"_indices":{"_all":{"found":0,"deleted":0,"missing":0,"failed":0}},"failures":[]}
That probably means no data matches your query. can you try to increase the date interval?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.