Delete specific logs from Elasticsearch
Peter Manev edited this page Apr 17, 2019 · 9 revisions
To delete all events from 09 Sept 2018:
root@SELKS:~# wget --quiet -O - --method=DELETE "http://localhost:9200/logstash-*-2018.09.09"
To delete all alerts from 09 December 2018:
root@SELKS:~# wget --quiet -O - --method=DELETE "http://localhost:9200/logstash-alert-2018.12.09"
To delete all TLS records from 10 December 2018:
root@SELKS:~# wget --quiet -O - --method=DELETE "http://localhost:9200/logstash-tls-2018.12.10"
To delete all DNS records from 15 April 2019:
root@SELKS:~# wget --quiet -O - --method=DELETE "http://localhost:9200/logstash-dns-2019.04.15"
To delete all SSH records from 11 December 2018:
root@SELKS:~# wget --quiet -O - --method=DELETE "http://localhost:9200/logstash-ssh-2018.12.11"
To delete all HTTP records from 07 December 2018:
root@SELKS:~# wget --quiet -O - --method=DELETE "http://localhost:9200/logstash-http-2018.12.07"
Other:
curl -XGET "localhost:9200/_cat/indices?v"
curl -XDELETE 'http://localhost:9200/logstash-dns-2019.04.17'
curl -XDELETE 'http://localhost:9200/logstash-dns-*'
You can also have a look at Data lifecycle for time-range-based deletions.
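
The commands above remove one daily index per call, while the `logstash-dns-*` form removes every DNS index at once. As an added example (not part of the SELKS wiki), the script below expands an event type and a date range into the daily index names used on this page and only prints the DELETE calls unless `--apply` is given. `ES_URL`, `index_names` and `delete_indices` are names assumed for this example, and GNU `date` is required.

```shell
#!/bin/sh
# Added example, not from the SELKS wiki. ES_URL and both function names are
# assumptions of this example; GNU date (as on Debian-based systems) is needed.
ES_URL="${ES_URL:-http://localhost:9200}"

# Print one daily index name per line, e.g. logstash-dns-2019.04.15
# usage: index_names <type> <first YYYY-MM-DD> <last YYYY-MM-DD>
index_names() (          # body runs in a subshell, so variables stay local
    [ $# -eq 3 ] || { echo "usage: index_names <type> <first> <last>" >&2; return 1; }
    type=$1
    # Accept plain type names only, so "*" or "dns-*" can never widen a delete.
    case $type in
        ''|*[!a-z0-9_]*) echo "invalid event type: $type" >&2; return 1 ;;
    esac
    # Normalise both dates to YYYYMMDD so they can be compared as integers.
    day=$(date -u -d "$2" +%Y%m%d) || return 1
    end=$(date -u -d "$3" +%Y%m%d) || return 1
    if [ "$day" -gt "$end" ]; then
        echo "first day is after last day" >&2; return 1
    fi
    while [ "$day" -le "$end" ]; do
        echo "logstash-${type}-$(date -u -d "$day" +%Y.%m.%d)"
        day=$(date -u -d "$day +1 day" +%Y%m%d)
    done
)

# Dry run unless the first argument is --apply.
# usage: delete_indices [--apply] <type> <first> <last>
delete_indices() (
    apply=0
    if [ "$1" = "--apply" ]; then apply=1; shift; fi
    names=$(index_names "$@") || return 1
    for idx in $names; do
        if [ "$apply" -eq 1 ]; then
            curl -sS -XDELETE "$ES_URL/$idx"; echo
        else
            echo "DRY-RUN: curl -XDELETE $ES_URL/$idx"
        fi
    done
)

# Show what would be deleted for three days of DNS records (nothing is sent).
delete_indices dns 2019-04-15 2019-04-17
```

Check the dry-run output against `curl -XGET "localhost:9200/_cat/indices?v"` before repeating the call with `--apply`.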