Dev tools vs filter query. Two different totals

chapmantrain · August 22, 2018, 8:36pm

This is the query in question.

{
"query": {
	"bool": {
		"filter": {
			"range": {
				"@timestamp": {
					"gte": "now-12h"
				}
			}
		},
		"must": [{
			"match": {
				"type.keyword": "camunda.log"
			}
		},
		{
			"match": {
				"message": "com.arjuna.ats.arjuna"
			}
		}]
	}
}

}

When I run this in dev tools I get:

{
"took": 54,
"timed_out": false,
"_shards": {
"total": 405,
"successful": 405,
"failed": 0
},
"hits": {
"total": 4421,
"max_score": 10.361226,
"hits": [
{
"_index": "camunda-prod-2018.08.22",
"_type": "camunda.log",
"_id": "AWVi7_XDJWzZ_kaZnjBs",
"_score": 10.361226,

Which is not right. When I run this as a filter query in Discover, I get: 133 hits.

That is correct. Why am I getting two different answers with the same query. I am setting this up as a watch. In the watch I get the 4421 hits also. Am I over looking something?

system · September 19, 2018, 8:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic dev tool has different total hits number than discover query search Elasticsearch	10	360	November 1, 2023
Different number of documents when querying Kibana vs Elasticsearch Elasticsearch	2	398	April 16, 2018
Difference between queries Elasticsearch	6	694	March 2, 2018
Devtools only showing 10,000 hits Kibana	3	2852	October 30, 2020
Querying multiple indexes using dev tools Elasticsearch	5	3391	August 2, 2019

Dev tools vs filter query. Two different totals

Related topics