ElasticSearch - Delete documents by specific field

Question

This seemingly simple task is not well-documented in the ElasticSearch documentation:

We have an ElasticSearch instance with an index that has a field in it called sourceId. What API call would I make to first, GET all documents with 100 in the sourceId field (to verify the results before deletion) and then to DELETE same documents?

Answer 1

You probably need to make two API calls here. First to view the count of documents, second one to perform the deletion.

Query would be the same, however the end points are different. Also I'm assuming the sourceId would be of type keyword

Query to Verify

POST <your_index_name>/_search
{
  "size": 0,
  "query": {
    "term": {
      "sourceId": "100"
    }
  }
}

Execute the above Term Query and take a note at the hits.total of the response.

Remove the "size":0 in the above query if you want to view the entire documents as response.

Once you have the details, you can go ahead and perform the deletion using the same query as shown in the below query, notice the endpoint though.

Query to Delete

POST <your_index_name>/_delete_by_query
{
  "query": {
    "term": {
      "sourceId": "100"
    }
  }
}

Once you execute the Deletion By Query, notice the deleted field in the response. It must show you the same number.

I've used term queries however you can also make use of any Match or any complex Bool Query. Just make sure that the query is correct.

Hope it helps!