批量删除指定查询条件的记录
POST logstash-log-2017.11.*/_delete_by_query
{
"query": {
"match": {
"event":"\"xxx\""
}
}
}
POST logstash-log-2018.04.26/_delete_by_query
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "source:\"json2018-04-27\"",
"analyze_wildcard": true
}
}
],
"must_not": []
}
}
}
删除包含某个字段的记录, 也可以用于搜索
POST logstash-log-2018*/_delete_by_query
{
"query": {
"exists" : { "field" : "response" }
}
}
删除某个字段,而非某些记录
POST logstash-log-2018.04.18/_update_by_query?wait_for_completion=false&conflicts=proceed
{
"query": {
"bool": {
"must": [
{
"exists": {
"field": "toString"
}
}
]
}
},
"script" : {"inline":"ctx._source.remove('toString')"}
}
可以匹配到对象类型, 参考https://www.elastic.co/guide/en/elasticsearch/reference/6.1/query-dsl-exists-query.html Exists Query