I want the count of documents post filter in a dataset. So I am invoking a DSL query to do this but not getting any result.
For ex : Count number of error messages in logs for a given date range.
My query for fetching error messages
GET /_search
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"message.keyword": {
"value": "*.*UAGE*"
}
}
}
],
"filter": [
{"range": {
"@timestamp": {
"gte": "2024-01-04T00:00:00.000Z",
"lte": "2024-01-04T23:59:59.000Z"
}
}}
]
}
}
}
But i can't able to count the number documents. Please help me here to write the query.
Thanks
yago82
February 2, 2024, 5:00pm
2
akashmaharana93:
want the count of documents post filter in a dataset. So I am invoking a DSL query to do this but not getting any result.
For ex : Count number of error messages in logs for a given date range.
My query for fetching error messages
GET /_search
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"message.keyword": {
"value": "*.*UAGE*"
}
}
}
],
"filter": [
{"range": {
"@timestamp": {
"gte": "2024-01-04T00:00:00.000Z",
"lte": "2024-01-04T23:59:59.000Z"
}
}}
]
}
}
}
But i can't able to count the number documents. Please help me here to write the query.
Thanks
Hi,
you can modify your query to get the count of documents:
GET /_search
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"message.keyword": {
"value": "*.*UAGE*"
}
}
}
],
"filter": [
{"range": {
"@timestamp": {
"gte": "2024-01-04T00:00:00.000Z",
"lte": "2024-01-04T23:59:59.000Z"
}
}}
]
}
},
"size": 0
}
"size": 0 is added at the end. This tells Elasticsearch to not return any documents in the response, just the metadata which includes the count of matching documents.
Regards
jsanz
February 2, 2024, 5:29pm
3
or just hit the /_count API endpoint