Hello.
Unfortunately one of my devices logged gigabytes of logs in a short period of time.
I tried to write a bash script to delete it from the index. But it seems not to work. As I am really not good with the syntax of these curl commands, I thought I might ask here. Which could also help others in the future who search for this.
What I did so far:
- Check which index is impacted
curl http://localhost:9200/_cat/indices
...
green open graylog_0 ..... 1 0 58237640 0 19.5gb 19.5gb
- Write a bash script to delete logs from the specific date
Content:
cat deletelogbydate.sh
#!/usr/bin/env bash
# Delete every document in the index whose @timestamp falls in the date range.
# The JSON body needs four closing braces (one per opened object); the original
# script was missing the outermost one, which is what the "expected close marker" error means.
curl -XPOST "http://localhost:9200/graylog_1/_delete_by_query" -H 'Content-Type: application/json' -d'
{
  "query": {
    "range" : {
      "@timestamp" : {
        "gte" : "08/11/2024",
        "lte" : "09/11/2024",
        "format": "dd/MM/yyyy||yyyy"
      }
    }
  }
}'
- What I get as output:
{"error":{"root_cause":[{"type":"json_e_o_f_exception","reason":"Unexpected end-of-input: expected close marker for Object (start marker at [Source: REDACTED (
StreamReadFeature.INCLUDE_SOURCE_IN_LOCATIONdisabled); line: 2, column: 1])\n at [Source: REDACTED (
StreamReadFeature.INCLUDE_SOURCE_IN_LOCATIONdisabled); line: 11, column: 2]"}],"type":"json_e_o_f_exception","reason":"Unexpected end-of-input: expected close marker for Object (start marker at [Source: REDACTED (
StreamReadFeature.INCLUDE_SOURCE_IN_LOCATIONdisabled); line: 2, column: 1])\n at [Source: REDACTED (
StreamReadFeature.INCLUDE_SOURCE_IN_LOCATIONdisabled); line: 11, column: 2]"},"status":400}
Some help on how this should look would be pretty awesome.
Guess when I am a little more familiar with the syntax this will also be easier for other tasks. And yes, of course I searched the web before.
Thanks a lot in advance!
cheers
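As an added example (not the poster's script, and not Graylog's or Elasticsearch's own tooling), here is a small bash script that builds the same date-range body with all braces in place, checks that the braces balance before anything is sent, and counts the matching documents with `_count` first so you can confirm the range before running `_delete_by_query`. The Elasticsearch URL `http://localhost:9200` and the `@timestamp` field come from the post; the index name, dates, and the `ES_URL` / `CONFIRM_DELETE` environment variables are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: safe delete-by-date for an Elasticsearch/OpenSearch index.
# Usage: ./deletelogbydate.sh <index> <from dd/MM/yyyy> <to dd/MM/yyyy>
# Nothing is deleted unless CONFIRM_DELETE=yes is set in the environment.
set -eu

ES_URL="${ES_URL:-http://localhost:9200}"   # assumed default; override via env

# Emit the JSON body for a range query on @timestamp (inclusive on both ends).
build_range_query() {
  from="$1"
  to="$2"
  cat <<EOF
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "${from}",
        "lte": "${to}",
        "format": "dd/MM/yyyy"
      }
    }
  }
}
EOF
}

# Cheap sanity check: the number of '{' must equal the number of '}'.
# A missing closing brace is exactly what produced the json_e_o_f_exception above.
json_braces_balanced() {
  opens=$(printf '%s' "$1" | tr -cd '{' | wc -c | tr -d ' ')
  closes=$(printf '%s' "$1" | tr -cd '}' | wc -c | tr -d ' ')
  [ "$opens" -eq "$closes" ]
}

# Dry run: how many documents would the query hit? Deletes nothing.
count_matches() {
  curl -s -XGET "${ES_URL}/$1/_count" \
    -H 'Content-Type: application/json' -d "$2"
}

# The actual deletion; conflicts=proceed keeps going if a document changed meanwhile.
delete_matches() {
  curl -s -XPOST "${ES_URL}/$1/_delete_by_query?conflicts=proceed" \
    -H 'Content-Type: application/json' -d "$2"
}

main() {
  index="$1"
  body=$(build_range_query "$2" "$3")
  json_braces_balanced "$body" || { echo "refusing to send unbalanced JSON body" >&2; exit 1; }
  echo "Documents matching in ${index}:"
  count_matches "$index" "$body"
  echo
  if [ "${CONFIRM_DELETE:-no}" = "yes" ]; then
    delete_matches "$index" "$body"
  else
    echo "Dry run only; re-run with CONFIRM_DELETE=yes to delete."
  fi
}

# Only act when arguments are given, so the file can also be sourced for its functions.
if [ "$#" -eq 3 ]; then
  main "$@"
fi
```

Run it once without `CONFIRM_DELETE` to see the match count for the index that `_cat/indices` showed as bloated, compare that against the expected volume of the runaway device, and only then re-run with `CONFIRM_DELETE=yes`. Note that the original script targets `graylog_1` while the `_cat/indices` output shows `graylog_0`, so the index argument is worth double-checking too.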