
Delete specific logs from Elasticsearch

Peter Manev edited this page Dec 15, 2016 · 9 revisions

To delete all alerts from 09 December 2016:

root@SELKS:~# wget --quiet -O - --method=DELETE "http://elasticsearch:9200/logstash-alert-2016.12.09"

To delete all TLS records from 10 December 2016:

root@SELKS:~# wget --quiet -O - --method=DELETE "http://elasticsearch:9200/logstash-tls-2016.12.10"

To delete all DNS records from 08 December 2016:

root@SELKS:~# wget --quiet -O - --method=DELETE "http://elasticsearch:9200/logstash-dns-2016.12.08"

To delete all SSH records from 11 December 2016:

root@SELKS:~# wget --quiet -O - --method=DELETE "http://elasticsearch:9200/logstash-ssh-2016.12.11"

To delete all HTTP records from 07 December 2016:

root@SELKS:~# wget --quiet -O - --method=DELETE "http://elasticsearch:9200/logstash-http-2016.12.07"
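Each command above removes one whole daily index, and Elasticsearch will just as happily expand a wildcard or comma list in the DELETE target unless `action.destructive_requires_name` is set, so a mistyped `logstash-alert-2016.12.*` wipes a month rather than a day. The following POSIX shell wrapper is an added example, not code from the SELKS wiki or project: it builds the index name from a record type and a single day, rejects anything that is not one fully qualified day, confirms the index exists, and then issues the same `wget --method=DELETE` the page uses. The `http://elasticsearch:9200` endpoint and the `logstash-<type>-YYYY.MM.DD` naming are taken from the page; the `ES_URL` variable and the function names are assumptions for this example and are not SELKS settings.

```shell
#!/bin/sh
# Added example for this wiki page; it is not part of SELKS. It wraps the
# page's wget DELETE calls so that the index name is built from a record type
# and one day and validated before anything is sent. Elasticsearch expands
# wildcards and comma lists in DELETE targets unless
# action.destructive_requires_name is set, so a stray "*" in a hand-typed URL
# can remove far more than one day; rejecting such names is the point here.
# Assumptions: the http://elasticsearch:9200 endpoint and the
# logstash-<type>-YYYY.MM.DD naming come from the page; ES_URL is a
# hypothetical override for this example, not a SELKS setting.

ES_URL="${ES_URL:-http://elasticsearch:9200}"

# selks_index_name TYPE DATE
# Prints logstash-TYPE-YYYY.MM.DD. TYPE must be lowercase letters only
# (alert, tls, dns, ssh, http, ...); DATE must be one full day written as
# YYYY.MM.DD or YYYY-MM-DD. Anything else (wildcards, commas, "_all",
# a bare month) is rejected with a non-zero exit status.
selks_index_name() {
    type="$1"
    day="$2"
    case "$type" in
        "" | *[!a-z]*)
            echo "selks_index_name: bad record type '$type'" >&2
            return 1 ;;
    esac
    case "$day" in
        [0-9][0-9][0-9][0-9][.-][0-9][0-9][.-][0-9][0-9]) ;;
        *)
            echo "selks_index_name: date must be YYYY.MM.DD or YYYY-MM-DD, got '$day'" >&2
            return 1 ;;
    esac
    # Daily logstash indices use dots as separators.
    day=$(printf '%s\n' "$day" | sed 's/-/./g')
    printf 'logstash-%s-%s\n' "$type" "$day"
}

# selks_delete_index TYPE DATE
# Confirms the index exists (HEAD /index answers 200 only for a real index;
# wget --spider sends HEAD and fails on 404), then issues the same DELETE the
# page shows. A missing index is reported instead of being silently ignored.
selks_delete_index() {
    index=$(selks_index_name "$1" "$2") || return 1
    if ! wget --quiet --spider "$ES_URL/$index"; then
        echo "selks_delete_index: $index not found on $ES_URL" >&2
        return 2
    fi
    wget --quiet -O - --method=DELETE "$ES_URL/$index"
    echo
}

# selks_delete_day DATE TYPE...
# Removes one day's indices for several record types, e.g.
#   selks_delete_day 2016-12-09 alert tls dns
# Stops at the first failure so a typo is not half-applied.
selks_delete_day() {
    day="$1"
    shift
    for type in "$@"; do
        selks_delete_index "$type" "$day" || return $?
    done
}

# Live usage (uncomment on a SELKS box; an index DELETE is irreversible):
# selks_delete_index alert 2016-12-09
```

Note that, exactly like the commands on this page, the wrapper sends no credentials: anything that can reach port 9200 can issue the same DELETE, so the Elasticsearch listener should stay bound to the SELKS host or be firewalled from the rest of the network.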

For deletions by time range rather than by whole daily index, see the Data lifecycle page.
