Delete a specific log message from Graylog

血红的双手。 提交于 2019-12-10 11:37:42

问题


I need to delete a specific log messages from Graylog, however there doesn't seem to be any public API to do this (going by the Graylog API browser).

There is very little documentation about how one might do this. I've found a few random articles that imply it is/was possible via curl and a query API, but nothing substantive.

Given a graylog is accessible via "http://1.2.3.4:5678" and I've got a message with an ID of "94c84300-d3c1-11e6-b900-005056ac343f" in index "graylog_0" how would I delete this message ?


回答1:


Since you have access to ES you can remove the message directly in ES. If your message is in a past index, you need to make it writable again as all past indices are made read-only by Graylog, so first run this:

curl -XPUT 'http://localhost:9200/graylog_0/_settings' -d '{
   "index" : {
      "blocks.write" : false
   }
}'

Then you can delete your message

curl -XDELETE 'http://localhost:9200/graylog_0/message/94c84300-d3c1-11e6-b900-005056ac343f

Finally, you need to make the index read-only again

curl -XPUT 'http://localhost:9200/graylog_0/_settings' -d '{
   "index" : {
      "blocks.write" : true
   }
}'

Optionally, you might also want to make Graylog recompute index ranges, so you can run this directly against the Graylog server:

curl -XPOST http://1.2.3.4:5678/system/indices/ranges/rebuild

UPDATE

If you want to bulk delete multiple messages, you can use the bulk API easily:

curl -XPOST 'http://localhost:9200/graylog_0/message' -d '
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac343f"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac543e"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac8694"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac1264"}}
'


来源:https://stackoverflow.com/questions/41499306/delete-a-specific-log-message-from-graylog

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!