I'm using Elasticsearch version 1.2.0
I have documents indexed by bulk indexing.
When it comes to search, it works fine when I use the _search endpoint to get a document that I want.
However, I cannot get the exact same document using the GET API.
For example, the code snippet below does not retrieve any result.
curl -XGET "http://xxx.xxx.xxx.xxx:9200/my_index/my_type/my_id?pretty"
However, when I specify the routing value, it retrieves the correct result that I wanted to get.
curl -XGET "http://xxx.xxx.xxx.xxx:9200/my_index/my_type/my_id?routing=3&pretty"
Here is the thing that I want to know because I've never used any kind of routing settings for indexing operation.
And there is NO parent-child relations with the "my_type".
Could anyone recommend other possible reasons for this kind of problem?
Thanks in advance.
Elasticsearch version 1.2.0 has a severe bug with respect to indexing.
The document recommends an upgrade to 1.2.1. I think you are running into this issue.
Related
We have a requirement that we return just the source fields in search results, without any of the metadata. From searching, I gather that this is not possible with elasticsearch, but I did find a reference to maybe using a plugin in this thread:
Filter out metadata fields and only return source fields in elasticsearch
The plugin that was linked was this one:
https://github.com/imotov/elasticsearch-just-source/blob/master/src/main/java/org/elasticsearch/examples/justsource/rest/action/RestJustSourceAction.java
I'm still learning about elasticsearch, but can someone explain how I would implement and deploy that plugin in our elasticsearch configuration?
Thanks,
Jim
As stated in the first link you referenced, it is possible to do it with response filtering which is not a plugin but a standard feature of ES:
GET /index/type/_search?filter_path=hits.hits._source
If you want to get rid of hits.hits._source you can use jq
curl -XGET 'localhost:9200/index/type/_search?filter_path=hits.hits._source' | jq '.hits.hits[]._source'
I'm trying to build some kind of monitor for my ELK stack. I want to know when/if my ELK is down. This will be just a simple solution. I was tasked with integrating an on/off signal within a bigger, global monitoring tool.
So I want to query my ELK's elasticsearch for the latest entry that matches one particular field value. My ELK data contains a field for each access.log row that states which server was the origin. So there is always say server_node.raw=Tomcat1 or Tomcat2 or ...
I do get a result from my index but this seems like metadata to me. http://10.170.121.148:9100/logstash-2015.11.10/?pretty
Is there a way to query ES for the latest entry that matches server_node.raw=Tomcat1 using a simple HTTP request?
Using server_node.raw in Kibana works perfectly fine.
Anyone with an idea? I'd appreciate it.
Thanks in advance and regards. Sebastian
Yes, you are on the right path, you can simply query your logstash index with a URI search and &q=server_node.raw:... like this
curl -XGET 'http://10.170.121.148:9100/logstash-2015.11.10/_search?q=server_node.raw:Tomcat1&pretty'
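Added example, not part of the original answer: a URI search that asks for only the newest matching hit and turns the response into an on/off signal for a monitoring tool. It assumes the Logstash default `@timestamp` date field and a five-minute freshness window; the function names, the token check and the sample response are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_.\-]+$")  # no query_string operators or wildcards

def build_latest_url(base, index, field, value):
    """URI search returning only the newest hit where field == value."""
    for token in (index, field, value):
        if not SAFE_TOKEN.match(token):
            raise ValueError(f"unsafe token for URI search: {token!r}")
    params = {"q": f"{field}:{value}", "sort": "@timestamp:desc", "size": 1}
    return f"{base}/{index}/_search?" + urlencode(params, safe=":@")

def node_status(response_body, now, max_age=timedelta(minutes=5)):
    """Map a _search response body to 'up', 'stale' or 'no-data'."""
    hits = json.loads(response_body).get("hits", {}).get("hits", [])
    if not hits:
        return "no-data"
    stamp = hits[0]["_source"]["@timestamp"]  # e.g. 2015-11-10T09:15:42.123Z
    seen = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return "up" if now - seen <= max_age else "stale"

# Constructed sample response (not real cluster output).
SAMPLE = json.dumps({"hits": {"total": 1, "hits": [{
    "_index": "logstash-2015.11.10", "_id": "constructed-id",
    "_source": {"@timestamp": "2015-11-10T09:15:42.123Z",
                "server_node": "Tomcat1"}}]}})

if __name__ == "__main__":
    print(build_latest_url("http://localhost:9200", "logstash-2015.11.10",
                           "server_node.raw", "Tomcat1"))
    print(node_status(SAMPLE, datetime(2015, 11, 10, 9, 17, tzinfo=timezone.utc)))
```

Rejecting anything but plain tokens keeps a value taken from monitoring configuration from being interpreted as query_string syntax.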
Is there a way to find out the names of all the indices ever created? Even after the index might have been deleted. Does elastic store such historical info?
Thanks
Using a plugin that keeps an audit trail for all changes that happened in your ES cluster might do the trick.
If you use the changes plugin (or a more recent one), then you can query it for all the changes in all indices using
curl -XGET http://localhost:9200/_changes
and your response will contain all the index names that were at least created. Not sure this plugin works with the latest versions of ES, though.
I am using elastic search for the project I'm working on and I was wondering if there was a way to narrow the results I get from an indices stats search.
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-stats.html
I currently use the docs to narrow the data I get back about the indices but now I want to only get back ones with a doc count greater than 0. Does anyone know if this is possible or how to?
Thanks!
For elastic search 1.5.2
If you're concerned about the size of the response (i.e. if you have many, many indices with many shards), the best you can do is to use response filtering (available only since ES 1.7) and only retrieve the docs field that you can further filter on the client-side:
curl 'localhost:9200/_stats/docs?pretty&filter_path=**.docs.count'
I ran a conversion program, catmandu, and sent the results to elasticsearch. I'm new to elasticsearch. Do you know how I could find something similar to '.schema' for sqlite3 in elasticsearch? I'd like to know what fields are in there.
After searching around this morning I was unable to find something that would tell me the fields if I did not know them ahead of time.
Thank you for your help.
You use the mapping API to get current mapping for an index. This will show you all of the fields that have been indexed:
curl -XGET "http://localhost:9200/{yourIndex}/_mapping"
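Added example, not part of the original answer: flattening the `_mapping` response into a `.schema`-style list of field paths and types, including nested objects and multi-fields such as `.raw`. It handles both the per-type layout of older versions and the typeless layout of newer ones; the function names and the sample mapping are constructed for illustration.

```python
import json

def _walk(props, prefix=""):
    """Yield (field_path, type) for every field under a 'properties' block."""
    for name, spec in sorted(props.items()):
        path = prefix + name
        if "properties" in spec:  # object or nested field: recurse into it
            yield from _walk(spec["properties"], path + ".")
        else:
            yield path, spec.get("type", "object")
        # Multi-fields (e.g. server_node.raw) live under 'fields'.
        for sub, subspec in sorted(spec.get("fields", {}).items()):
            yield f"{path}.{sub}", subspec.get("type")

def list_fields(mapping_response):
    """Return [(index, doc_type, field_path, type)] from a _mapping response."""
    rows = []
    for index, body in sorted(json.loads(mapping_response).items()):
        mappings = body.get("mappings", {})
        if "properties" in mappings:  # typeless layout (newer versions)
            types = {None: mappings}
        else:  # one entry per mapping type (older versions)
            types = mappings
        for doc_type, spec in types.items():
            for path, dtype in _walk(spec.get("properties", {})):
                rows.append((index, doc_type, path, dtype))
    return rows

# Constructed sample in the per-type layout (not real cluster output).
SAMPLE = json.dumps({"logs": {"mappings": {"event": {"properties": {
    "message": {"type": "string"},
    "server_node": {"type": "string", "fields": {
        "raw": {"type": "string", "index": "not_analyzed"}}},
    "geo": {"properties": {"lat": {"type": "double"},
                           "lon": {"type": "double"}}},
}}}}})

if __name__ == "__main__":
    for index, doc_type, path, dtype in list_fields(SAMPLE):
        print(f"{index}/{doc_type}\t{path}\t{dtype}")
```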