
I'm trying to delete certain logs from Graylog/Elasticsearch using a curl query string command, with no luck. I know I need to use -XDELETE to remove the log; I just want to read it first.

curl -GET 'http://localhost:9200/graylog_26/message/_query' -d ‘{“query”:{“query_string”:{“query”:“message:password AND identity:cc*”:"{}"}}}’

Error:

curl -GET 'http://localhost:9200/graylog_26/message/_query' -d ‘{“query”:{“query_string”:{“query”:“message:password AND identity:cc”:"{}"}}}’

{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request [/graylog_26/message/_query] contains unrecognized parameter: [â��{â��queryâ��:{â��query_stringâ��:{â��queryâ��:â��message:password]"}],"type":"illegal_argument_exception","reason":"request [/graylog_26/message/_query] contains unrecognized parameter: [â��{â��queryâ��:{â��query_stringâ��:{â��queryâ��:â��message:password]"},"status":400}

SnapQoins

1 Answer

Delete Them Separately!

You should check which indices are available and in use with:

curl http://127.0.0.1:9000/_cat/indices

Then delete the oldest indices (note: don't delete all of them):

curl -XDELETE http://127.0.0.1:9000/graylog_1
curl -XDELETE http://127.0.0.1:9000/graylog_2
curl -XDELETE http://127.0.0.1:9000/graylog_3

Then reduce the parameter "elasticsearch_max_number_of_indices" in the directory "/etc/graylog/server/server.conf" to a value that fits your disk (like 20 to 10).

Have fun.

Ali Hallaji
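
An added example (not part of the question or the answer above): the preview-then-delete flow the question asks about, for removing only the documents that match a query instead of whole indices. It assumes Elasticsearch 5.x or later (where `_delete_by_query` is available) at localhost:9200 and the index `graylog_26` from the question; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: preview, then delete, only the documents matching a query_string.
# Assumptions: Elasticsearch 5.x+ at localhost:9200 and index graylog_26 (from the
# question). Function names are hypothetical.
ES_URL="${ES_URL:-http://localhost:9200}"
INDEX="${INDEX:-graylog_26}"

# True if the text contains typographic quotes, which appear when a command is
# copied from a web page or word processor. They are not shell or JSON quotes.
has_smart_quotes() {
  case $1 in
    *“*|*”*|*‘*|*’*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the JSON body, escaping backslashes and double quotes in the query.
build_query() {
  q=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"query":{"query_string":{"query":"%s"}}}' "$q"
}

# $1 = endpoint (_search or _delete_by_query), $2 = query_string expression.
# -XPOST keeps the body in the request; curl reads "-GET" as "-G -E T", and -G
# moves the -d data into the URL, which matches the "unrecognized parameter" error.
run_query() {
  if has_smart_quotes "$2"; then
    echo "query contains typographic quotes; retype it with ASCII quotes" >&2
    return 2
  fi
  curl -sS -XPOST "$ES_URL/$INDEX/$1?pretty" \
       -H 'Content-Type: application/json' -d "$(build_query "$2")"
}

preview() { run_query _search "$1"; }            # read the matches first
purge()   { run_query _delete_by_query "$1"; }   # then remove exactly those

# Usage: ./scrub.sh preview 'message:password AND identity:cc*'
#        ./scrub.sh purge   'message:password AND identity:cc*'
case ${1:-} in
  preview|purge) "$1" "${2:-}" ;;
esac
```

Run `preview` and check the hit count and sample documents before running `purge` with the identical query string.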