Find the request (anomaly_search) that is returning the buckets
Note that there are a number of anomaly_search, so you have to look through the response to choose the right one.
copy the request
Then run it in your terminal to make sure you get the same response.
When you do so, modify --data-raw '{"query":{"body":{"size":0 to --data-raw '{"query":{"body":{"size":10 so that you can actually see the query result which contains the index name.
Delete the old data
the request body can be reused from the curl command, but please make sure you edit the time range accordingly.
Find the request (anomaly_search) that is returning the buckets
Note that there are a number of
anomaly_search
, so you have to look through the response to choose the right one.copy the request
Then run it in your terminal to make sure you get the same response.
When you do so, modify
--data-raw '{"query":{"body":{"size":0
to--data-raw '{"query":{"body":{"size":10
so that you can actually see the query result which contains the index name.Delete the old data