I can’t seem to find a good way to get hits.total from the Elasticsearch response in my Logstash pipeline. I’m really looking for a yes or no answer, so I have size set to 0. If I have a document that looks like this:
curl -s -H 'content-type: application/json' http://172.17.0.5:9200/myindex/_search?pretty -d '
{
  "size": 0,
  "query": {
    "term": {
      "foo": "bar"
    }
  }
}'

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}
I’m not able to copy any of the events out of the document. The Field setting allows me to grab events from the hits field and the docinfo_field setting allows me to grab the document info, but neither allows me to copy hits.total, took, timed_out, or any of the _shard fields.
Any ideas? Thanks ahead of time.