Add hits.total to field in Elasticsearch filter

crux · May 18, 2018, 4:27am

I can’t seem to find a good way to get hits.total from the Elasticsearch response in my logstash pipeline. I’m really looking for a yes or no answer, so I have size set to 0. If I have a document that looks like this:

curl -s -H 'content-type: application/json' http://172.17.0.5:9200/myindex/_search?pretty -d '
{
  "size": 0,
  "query": {
    "term": {
      "foo": "bar"
    }
  }
}'
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}

I’m not able to copy any of the events out of the document. The Field setting allows me to grab events from the hits field and the docinfo_field setting allows me to grab the document info, but neither allows me to copy hits.total, took, timed_out, or any of the _shard fields.

Any ideas? Thanks ahead of time.

system · June 15, 2018, 4:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to save "total hits" results from a query, in a field Logstash	4	582	March 21, 2024
Return only the data inside hits [ ] Elasticsearch	5	2940	June 21, 2019
How to set the value of "total_fields" by using curl? Elasticsearch	2	560	October 3, 2019
Counting total hits with java always retrieve 0 Elasticsearch	2	1420	September 30, 2019
Get the hit count in EQL Elasticsearch	3	320	July 28, 2023

Add hits.total to field in Elasticsearch filter

Related Topics