How to delete all instances of an alert from database? #8214
I am looking for a way to delete all instances of an alert from the database. The reason is because I enabled a playbook play that generated millions of alerts at once, and this is causing issues with Elasticsearch. When I try to Acknowledge all of the alerts at once it generates a log in:

[2022-06-29T17:46:35,646][INFO ][org.elasticsearch.tasks.LoggingTaskListener] 192285 finished with response BulkByScrollResponse[took=1.6s,timed_out=false,sliceId=null,updated=555,created=0,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[{"index":"so-playbook-alerts-2022.06.27","type":"_doc","id":"7oGbp4EBO3iq046VbcKu","cause":{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Limit of total fields [5000] has been exceeded while adding new fields [1]"}},"status":400}, {"index":"so-playbook-alerts-2022.06.27","type":"_doc","id":"8IGbp4EBO3iq046VbcLr","cause":{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Limit of total fields [5000] has been exceeded while adding new fields [1]"}},"status":400}, {"index":"so-playbook-alerts-2022.06.27","type":"_doc","id":"8oGbp4EBO3iq046VbsId","cause":{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Limit of total fields [5000] has been exceeded while adding new fields [1]"}},"status":400}],search_failures=[]]

Then when I try to use hunt it displays this message on screen in the web browser for other alerts: "The search query encountered a failure within the Elasticsearch cluster."
Replies: 1 comment
I ended up having to reinstall SO.