Question

错误地说，我从logstash得到了太多的数据，我把间隔太短了：64秒... ...

 input {
        exec {
                command => "python /etc/logstash/extract_serveurs.py"
                interval => 64
                codec => "json_lines"
                type => "jsonserveurs"
        }
 }

它给了这个

1,9M    indices/logstash-2016.11.29
1,9M    indices/logstash-2016.11.30
1,9M    indices/logstash-2016.12.01
1,9M    indices/logstash-2016.12.02
1,9M    indices/logstash-2016.12.03
1,9M    indices/logstash-2016.12.04
1,9M    indices/logstash-2016.12.05
1,9M    indices/logstash-2016.12.06
1,9M    indices/logstash-2016.12.07
1,9M    indices/logstash-2016.12.08
2,2M    indices/logstash-2016.12.09
1,9M    indices/logstash-2016.12.10
1,9M    indices/logstash-2016.12.11
2,1M    indices/logstash-2016.12.12
1,9M    indices/logstash-2016.12.13
1,9M    indices/logstash-2016.12.14
1,9M    indices/logstash-2016.12.15
12K    indices/logstash-2016.12.16
1,9M    indices/logstash-2016.12.17
1,8M    indices/logstash-2016.12.18
408M    indices/logstash-2016.12.19
932M    indices/logstash-2016.12.20
927M    indices/logstash-2016.12.21
922M    indices/logstash-2016.12.22
915M    indices/logstash-2016.12.23
917M    indices/logstash-2016.12.24
908M    indices/logstash-2016.12.25
913M    indices/logstash-2016.12.26
913M    indices/logstash-2016.12.27
914M    indices/logstash-2016.12.28
914M    indices/logstash-2016.12.29
916M    indices/logstash-2016.12.30
916M    indices/logstash-2016.12.31
920M    indices/logstash-2017.01.01
921M    indices/logstash-2017.01.02
924M    indices/logstash-2017.01.03
927M    indices/logstash-2017.01.04
931M    indices/logstash-2017.01.05
933M    indices/logstash-2017.01.06
932M    indices/logstash-2017.01.07
931M    indices/logstash-2017.01.08
930M    indices/logstash-2017.01.09
931M    indices/logstash-2017.01.10
918M    indices/logstash-2017.01.11
937M    indices/logstash-2017.01.12
935M    indices/logstash-2017.01.13
933M    indices/logstash-2017.01.14
924M    indices/logstash-2017.01.15
932M    indices/logstash-2017.01.16
563M    indices/logstash-2017.01.17
16M    indices/logstash-2017.01.18
1,4M    indices/logstash-2017.01.19
38M    indices/tunnels

我现在改为正确值，但我需要清理这些巨大的索引。我想保留一些文件。

我试过了：

 curl -XDELETE "http://quickzephir:9200/logstash-2017.01.11/jsonserveurs/_delete_by_query" -d'
   {
     "query": {
       "range": {
         "@timestamp": {
           "from": "2017-01-11T00:00:00.945Z",
           "to": "2017-01-11T19:59:59Z"
         }
       }
     }
   }' 

curl -XPOST "http://quickzephir:9200/logstash-2017.01.11/jsonserveurs/_delete_by_query" -d'
   {
     "query": {
       "range": {
         "@timestamp": {
           "from": "2017-01-11T00:00:00.945Z",
           "to": "2017-01-11T11:59:59Z"
         }
       }
     }
   }'

curl -XDELETE "http://quickzephir:9200/logstash-2017.01.11/jsonserveurs/_query" -d'
   {
     "query": {
       "range": {
         "@timestamp": {
           "from": "2017-01-11T00:00:00.945Z",
           "to": "2017-01-11T11:59:59Z"
         }
       }
     }
   }'

但是

curl -XGET 'http://quickzephir.in.ac-nantes.fr:9200/logstash-2017.01.11/jsonserveurs/_count?pretty'

给我相同的计数值......

Answer 1

解决

在安装了按查询删除插件后，我忘了重新启动elasticsearch ...

curl -XDELETE "http://quickzephir:9200/logstash-2017.01.11/jsonserveurs/_query" -d'
    {
      "query": {
        "range": {
          "@timestamp": {
            "from": "2017-01-11T00:00:00.945Z",
            "to": "2017-01-11T11:59:59Z"
          }
        }
      }
    }'

工作正常。

如何在elasticsearch中删除很多文档？

1 个答案: