Problem description

I need to delete specific log messages from Graylog, however there doesn't seem to be any public API to do this (going by the Graylog API browser).

There is very little documentation about how one might do this. I've found a few random articles that imply it is/was possible via curl and a query API, but nothing substantive.

Given that Graylog is accessible via "http://1.2.3.4:5678" and I've got a message with an ID of "94c84300-d3c1-11e6-b900-005056ac343f" in index "graylog_0", how would I delete this message?

Recommended answer

Since you have access to ES you can remove the message directly in ES. If your message is in a past index, you need to make it writable again as all past indices are made read-only by Graylog, so first run this:

curl -XPUT 'http://localhost:9200/graylog_0/_settings' -d '{
   "index" : {
      "blocks.write" : false
   }
}'

Then you can delete your message

curl -XDELETE 'http://localhost:9200/graylog_0/message/94c84300-d3c1-11e6-b900-005056ac343f'

Finally, you need to make the index read-only again

curl -XPUT 'http://localhost:9200/graylog_0/_settings' -d '{
   "index" : {
      "blocks.write" : true
   }
}'

Optionally, you might also want to make Graylog recompute index ranges, so you can run this directly against the Graylog server:

curl -XPOST http://1.2.3.4:5678/system/indices/ranges/rebuild

Update

If you want to bulk delete multiple messages, you can use the bulk API easily:

curl -XPOST 'http://localhost:9200/graylog_0/message/_bulk' -d '
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac343f"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac543e"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac8694"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac1264"}}
'
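
The single-message procedure from the answer above, wrapped as an added shell example (not part of the original answer): it re-applies the write block even when the delete fails, and only if the index was blocked to begin with, so the active write index is not switched to read-only. The function names, `ES_URL` and `GRAYLOG_URL` are assumptions; authentication is omitted as in the commands above.

```shell
#!/bin/sh
# Added example. ES_URL, GRAYLOG_URL and the function names are assumptions.
ES_URL="${ES_URL:-http://localhost:9200}"
GRAYLOG_URL="${GRAYLOG_URL:-http://1.2.3.4:5678}"

# Set ($2=true) or clear ($2=false) the write block on index $1.
set_write_block() {
    curl -fsS -XPUT "$ES_URL/$1/_settings" \
        -d "{\"index\":{\"blocks.write\":$2}}" >/dev/null
}

# Delete message id $2 from index $1.
# Returns: 0 ok, 1 request failed, 2 bad id, 3 index left writable.
delete_graylog_message() {
    index=$1; id=$2; rc=0
    # Only accept UUID-style ids so the value cannot change the URL path.
    case "$id" in
        ''|*[!0-9a-fA-F-]*) echo "refusing unexpected id: $id" >&2; return 2 ;;
    esac
    # Remember whether Graylog had made this index read-only.
    # Assumes the compact JSON that Elasticsearch returns without ?pretty.
    settings=$(curl -fsS "$ES_URL/$index/_settings?flat_settings=true") || return 1
    case "$settings" in
        *'"index.blocks.write":"true"'*) was_blocked=1 ;;
        *) was_blocked=0 ;;
    esac
    if [ "$was_blocked" -eq 1 ]; then
        set_write_block "$index" false || return 1
    fi
    curl -fsS -XDELETE "$ES_URL/$index/message/$id" >/dev/null || rc=$?
    # Restore the block even if the delete failed.
    if [ "$was_blocked" -eq 1 ] && ! set_write_block "$index" true; then
        echo "WARNING: $index is still writable" >&2
        return 3
    fi
    [ "$rc" -eq 0 ] || return 1
    curl -fsS -XPOST "$GRAYLOG_URL/system/indices/ranges/rebuild" >/dev/null
}

# Usage: delete_graylog_message graylog_0 94c84300-d3c1-11e6-b900-005056ac343f
```

A return code of 3 means the index was left writable and the write block has to be re-applied by hand.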
