I need to delete a specific log message from Graylog, however there doesn't seem to be any public API to do this (going by the Graylog API browser).
There is very little documentation about how one might do this. I've found a few random articles that imply it is/was possible via curl and a query API, but nothing substantive.
Given Graylog is accessible via "http://1.2.3.4:5678" and I've got a message with an ID of "94c84300-d3c1-11e6-b900-005056ac343f" in index "graylog_0", how would I delete this message?
Since you have access to ES you can remove the message directly in ES. If your message is in a past index, you need to make it writable again as all past indices are made read-only by Graylog, so first run this:
curl -XPUT 'http://localhost:9200/graylog_0/_settings' -d '{
"index" : {
"blocks.write" : false
}
}'
Then you can delete your message:
curl -XDELETE 'http://localhost:9200/graylog_0/message/94c84300-d3c1-11e6-b900-005056ac343f'
Finally, you need to make the index read-only again
curl -XPUT 'http://localhost:9200/graylog_0/_settings' -d '{
"index" : {
"blocks.write" : true
}
}'
Optionally, you might also want to make Graylog recompute index ranges, so you can run this directly against the Graylog server:
curl -XPOST http://1.2.3.4:5678/system/indices/ranges/rebuild
UPDATE
If you want to bulk delete multiple messages, you can use the bulk API easily:
curl -XPOST 'http://localhost:9200/graylog_0/message/_bulk' -d '
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac343f"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac543e"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac8694"}}
{"delete":{ "_id": "94c84300-d3c1-11e6-b900-005056ac1264"}}
'
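
An added example, not part of the original answer: the unblock, delete, re-block sequence above wrapped in a POSIX shell function that restores `blocks.write` even when the delete fails. `ES_URL`, the function names, the `Content-Type` header and the input checks are assumptions; it is meant for past (read-only) indices only, because it ends by write-blocking the index.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes a PAST Graylog index:
# the function ends by write-blocking the index, which would stop ingestion
# if it were pointed at the active write index.
ES_URL="${ES_URL:-http://localhost:9200}"   # assumed Elasticsearch address

# Set index.blocks.write on one index. $1 = index, $2 = true|false
set_write_block() {
  curl -fsS -XPUT "$ES_URL/$1/_settings" \
    -H 'Content-Type: application/json' \
    -d "{\"index\":{\"blocks.write\":$2}}"
}

# Delete one message by id. $1 = index, $2 = message id
# Returns 0 on success, 2 on bad input, 3 if the index could not be
# re-locked, otherwise curl's exit status for the step that failed.
delete_message() {
  dm_index="$1"; dm_id="$2"; dm_rc=0
  # Only plain index names and UUID-style ids may reach the URL, so a
  # wildcard, comma list, "_all" or empty value cannot widen the request.
  case "$dm_index" in
    ''|_*|-*|*[!a-z0-9_-]*) echo "bad index name" >&2; return 2 ;;
  esac
  case "$dm_id" in
    ''|*[!0-9a-f-]*) echo "bad message id" >&2; return 2 ;;
  esac

  set_write_block "$dm_index" false || return $?
  # -f makes curl fail on HTTP errors such as 404 (message not found).
  curl -fsS -XDELETE "$ES_URL/$dm_index/message/$dm_id" || dm_rc=$?
  # Re-apply the write block whether or not the delete worked.
  if ! set_write_block "$dm_index" true; then
    echo "WARNING: $dm_index is still writable, re-lock it manually" >&2
    return 3
  fi
  return "$dm_rc"
}

# Usage: delete_message graylog_0 94c84300-d3c1-11e6-b900-005056ac343f
```
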
Source: https://stackoverflow.com/questions/41499306/delete-a-specific-log-message-from-graylog