Can we send a query with ignorable field to Elasticsearch?

Anonymous_Soul · May 14, 2021, 5:28am

Hi Team,

Suppose we are a team with 100 other teams querying our cluster, either through Kibana or Elasticsearch APIs
Can we identify those with a special field like a uniqueID specific to one team but those fields are not indexed or queried, just pass it to every query and Elasticsearch silently ignores the field.
We will log these queries and plot based on the uniqueID.

Can this be done? Or is there any better way?

Any help is appreciated. Thanks in advance.

warkolm · May 17, 2021, 10:54pm

Welcome to our community!

Check the stats field as mentioned here - Search API | Elasticsearch Guide [7.12] | Elastic

Anonymous_Soul · May 18, 2021, 11:59pm

@warkolm
Just to be clear with the requirement

Please find below scenario:

Consider there are 100 teams hitting a single Elasticsearch cluster either through Kibana or Elasticsearch APIs. We need to identify the usage of Elasticsearch by each team.

One solution is that we could allocate one ID to one Team.

Questions:

Can we pass this ID in search queries to identify how many queries each team has hit for a day?
However we do not want this ID to be either indexed or used in scoring of each query. Can this ID be a silent field, which we can just log and calculate the frequency per Team?

warkolm · May 19, 2021, 1:04am

Did you read that documentation link? I'm pretty sure that's what you want.

Christian_Dahlqvist · May 19, 2021, 2:18am

The only way I can see to do this if Kibana queries need to be counted would probably be to define separate users per team and track this through audit logging.

You may also be able to do it through an external proxy but I am not aware of any way to otherwise do this directly in Elasticsearch.

system · June 16, 2021, 2:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.