Im would delete before 24 hours elasticsearch document And put this inside the cron what is the query " delete before 24 hours elasticsearch document" ??
Asked
Active
Viewed 98 times
0
-
What do you mean by "delete before 24 hours"? Do you want to delete documents that have been around for less than 24 hours? Delete documents every 24 hours? Something else? It's not clear what you're asking for help with here - possibly an example might help. – bouteillebleu Feb 07 '18 at 10:15
-
my elk server received log from 4 nginx server, I just want to keep logs 24 hours in advance, And the rest of it will be erased – OMID Feb 07 '18 at 10:46
1 Answers
0
curl -XDELETE 'http://localhost:9200/filebeat-2018.02.07/_query' -d '
{
"query": {
"filtered" : {
"query" : {
"term" : { "termName" : "termValue" }
},
"filter" : {
"range" : { "@timestamp" : { "lt" : "now-30d" }}
}
}
}
}'
Something like that
OMID
- 21
- 1
- 7