Closed sztyrlic111 closed 9 years ago
Hi,
You can't remove sources in Graylog; we don't change any data once it is indexed. If there is no sensitive information, the easiest and safest route is to stop sending that data and it will eventually "go away" after a few indices are rotated.
In case you really want to delete that data, and saying upfront that I am no expert in Elasticsearch, I think you are looking for the Update API.
We use GitHub to track issues with the code. Please use our mailing list or our IRC channel #graylog on Freenode for support questions about Graylog.
Firstly, I have to say I'm a newbie at curl, so I'm asking here.
I have some sources in Graylog2: http://i.stack.imgur.com/xkelZ.jpg
and want to remove them all.
I used curl to delete the "12:00:02:" source:
curl -XDELETE 'http://127.0.0.1:9200/graylog2_*/message/_query' -d ' {"query_string" : { "default_field" : "host", "query" : "12:00:02:" } }'
but got a failure:
{"_indices":{"graylog2_0":{"_shards":{"total":1,"successful":0,"failed":1,"failures":[{"index":"graylog2_0","shard":0,"reason":"QueryParsingException[[graylog2_0] request does not support [query_string]]"}]}}}}
Can anyone help me with the proper curl command?
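
The error above is what Elasticsearch 1.x returns when a delete-by-query body lacks a top-level "query" key. As an added example (not part of the original thread; it assumes an Elasticsearch 1.x cluster, and the function names and the CONFIRM variable are hypothetical), this builds the wrapped body, phrase-quotes the value so its colons are not parsed as query_string field separators, and only counts matching messages unless deletion is explicitly confirmed:

```shell
#!/usr/bin/env bash
# Added example, not from the thread. ES_URL and INDEX_PATTERN default to the
# values used in the question; override them for another cluster.
ES_URL="${ES_URL:-http://127.0.0.1:9200}"
INDEX_PATTERN="${INDEX_PATTERN:-graylog2_*}"

# Print the request body for field $1 and value $2.
# Elasticsearch 1.x wants the query under a top-level "query" key; sending a
# bare "query_string" object is what produces
# "request does not support [query_string]".
build_body() {
  # Refuse characters that would break out of the JSON string or the phrase.
  case "$1$2" in
    *'"'*|*'\'*)
      echo "refusing field/value containing a quote or backslash" >&2
      return 1 ;;
  esac
  # The value is wrapped in escaped quotes so query_string treats it as one
  # phrase; unquoted, "12:00:02:" would be parsed as field:value pairs.
  printf '{"query":{"query_string":{"default_field":"%s","query":"\\"%s\\""}}}' "$1" "$2"
}

# Count the matching messages by default; delete only when CONFIRM=1 is set,
# so the match set can be checked before anything is removed.
purge_source() {
  local body url
  body="$(build_body "$1" "$2")" || return 1
  url="$ES_URL/$INDEX_PATTERN/message"
  if [ "${CONFIRM:-0}" = 1 ]; then
    curl -sS -XDELETE "$url/_query" -d "$body"
  else
    curl -sS -XGET "$url/_count" -d "$body"
  fi
}

# Usage:
#   purge_source host '12:00:02:'             # reports how many messages match
#   CONFIRM=1 purge_source host '12:00:02:'   # deletes them
```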