EDIT: The question could be rephrased also as:
When working with date based indexes, Is it any better to provide the exact indexes for searching (potentially a huge list):
GET /whatever-YYYYMM01,whatever-YYYYMM02,...
OR
GET /whatever-*
- date range query
I've been assuming that it's better to provide the exact indexes, but the query string can be huge and exceed HTTP's maximum allowed length for GET
I was wondering if there's an easy way to perform an index pattern definition where the index name depends on the date, based on a date range (start_date, end_date)
I've been trying to fit some date math in the index names such as suggested here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/date-math-index-names.html
It looks very limited - I can do things such as:
GET /<whatever-{now/d{YYYYMMdd|+12:00}}>/_search
but apparently I cannot define a simple date range between two dates.
My indexes are named: whatever-YYYYMMDD
If i require to query over a year, I'm forced to do either:
- GET /whatever-* (might not be the best option as my retention policy is for three years)
- Programatically expand the range to individual indexes names and do GET /whatever-YYYYMM01,whatever-YYYYMM02,... , YYYYMMXX => Fails as the GET string is longer than what supports HTTP
- Do several searches iterating over several ranges (calculated)
- Other options?
Any suggestion is appreciated
Thanks