search

TomonoriSoejima / Tejun

notes related to working cases
5 stars 3 forks source link

How to delete data from .ml-anomalies-shared #139

Open TomonoriSoejima opened 1 year ago

TomonoriSoejima commented 1 year ago

Find the request (anomaly_search) that is returning the buckets

Note that there are a number of anomaly_search, so you have to look through the response to choose the right one.

image

copy the request

Then run it in your terminal to make sure you get the same response.

When you do so, modify --data-raw '{"query":{"body":{"size":0 to --data-raw '{"query":{"body":{"size":10 so that you can actually see the query result which contains the index name.

image

Delete the old data

POST .ml-anomalies-shared/_delete_by_query
{
  "query": {
    "bool": {
      "filter": [
        {
          "query_string": {
            "query": "result_type:model_plot",
            "analyze_wildcard": true
          }
        },
        {
          "bool": {
            "must": [
              {
                "term": {
                  "job_id": "tomoresponse_code_rates"
                }
              },
              {
                "range": {
                  "timestamp": {
                    "lte": 1692777599999,
                    "format": "epoch_millis"
                  }
                }
              },
              {
                "term": {
                  "partition_field_name": "response.keyword"
                }
              },
              {
                "term": {
                  "partition_field_value": "200"
                }
              }
            ],
            "should": [
              {
                "term": {
                  "detector_index": 0
                }
              },
              {
                "bool": {
                  "must_not": [
                    {
                      "exists": {
                        "field": "detector_index"
                      }
                    }
                  ]
                }
              }
            ],
            "minimum_should_match": 1
          }
        }
      ]
    }
  }
}