I want to delete documents in Elasticsearch by timestamp and by one of the custom fields, "cu_hostname". I want to remove all the documents that fall within a specific timestamp range and have the value "cu_hostname=abc".

I have written a query for timestamp as below:

POST filebeat-perf-1/_delete_by_query
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "1510511400000",
        "lte": "1510597799000"
      }
    }
  }
}

and deleting the custom field:

curl -XPOST '10.193.104.42:9200/filebeat-perf-1/_delete_by_query?conflicts=proceed&pretty' -H 'Content-Type: application/json' -d'
{
  "query": {
    "wildcard": {
      "cu_hostname": "abc"
    }
  }
}'

How do I combine both of these queries?

1 Answer

You simply need to combine both with a bool/filter query:

POST filebeat-perf-1/_delete_by_query
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "1510511400000",
              "lte": "1510597799000"
            }
          }
        },
        {
          "wildcard": {
            "cu_hostname": "abc"
          }
        }
      ]
    }
  }
}
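
Because `_delete_by_query` is destructive, it helps to check how many documents the combined query matches before deleting. The following is an added example, not part of the original answer: it builds the same bool/filter body, rejects wildcard characters in the hostname, and runs `_count` first. The names `build_query`, `delete_checked`, `max_docs` and `base_url` are assumptions made for illustration.

```python
import json
import urllib.request

def build_query(hostname, gte_ms, lte_ms):
    """Return the bool/filter body from the answer for one host and time window."""
    if not isinstance(hostname, str) or not hostname:
        raise ValueError("hostname must be a non-empty string")
    # A wildcard query treats * and ? as patterns; a stray one widens the delete.
    if any(c in hostname for c in "*?"):
        raise ValueError("hostname must not contain wildcard characters")
    gte_ms, lte_ms = int(gte_ms), int(lte_ms)
    if gte_ms > lte_ms:
        raise ValueError("gte_ms must not be later than lte_ms")
    return {
        "query": {
            "bool": {
                "filter": [
                    {"range": {"@timestamp": {"gte": str(gte_ms), "lte": str(lte_ms)}}},
                    {"wildcard": {"cu_hostname": hostname}},
                ]
            }
        }
    }

def _post(url, body):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def delete_checked(base_url, index, body, max_docs, post=_post):
    """Count matches first; delete only if the count is within max_docs."""
    matched = post(f"{base_url}/{index}/_count", body)["count"]
    if matched == 0:
        return 0
    if matched > max_docs:
        raise RuntimeError(f"{matched} documents match, limit is {max_docs}; not deleting")
    result = post(f"{base_url}/{index}/_delete_by_query?conflicts=proceed", body)
    return result["deleted"]
```

Calling `delete_checked("http://10.193.104.42:9200", "filebeat-perf-1", build_query("abc", 1510511400000, 1510597799000), max_docs=...)` returns the number of deleted documents, with `max_docs` set to the largest count you expect the window to contain.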