Elasticsearch API request

Cdotisp_Delhi · April 15, 2026, 5:51am

GET /lb-2026.04/_search
{
"size": 10000,
"aggs": {
"last_entry": {
"max": {
"field": "@timestamp"
}
}
}
}

I want to retrieve all latest timestamp documents from Index lb-2026.04 but number of documents are exceeding from 10K they are approximately 15K. Is there a way to achieve this in a single request??

RainTown · April 15, 2026, 6:24am

(post deleted by author)

RainTown · April 15, 2026, 6:43am

Welcome to the forum @Cdotisp_Delhi !!

I replied too quickly, not reading the question carefully. Sorry for this.

Your question's wording is slightly ambiguous:

Are you saying you have maybe 15K documents all with the same "max" value of @timestamp from the index? That wasn't my first reading, seems unlikely, but maybe that is what you want?

And please note the size parameter is not relevant to the max aggregation you included, the max aggregation is applied to all matching documents anyways, in your case all documents in the index.

If you want just more results returned, the simplest way is to use index.max_result_window, increasing from default 10,000.

PUT lb-2026.04/_settings
{
"index.max_result_window": 20000
}

then you can query that index with size parameter up to 20000. But the default is 10K for a reason, please don't increase too much without some thought.

So also ask yourself if you really need all the results in one request? What if result set is not 15K, rather 150K or 1.5M results?

The official docs suggest the more correct solution would be to use scroll or search_after, and get all docs in chunks. But if you just want a quick fix for today, increasing index.max_result_window is IMO easiest.

Cdotisp_Delhi · April 15, 2026, 6:51am

Thanks a lot Kevin, it worked, Kudos to you!!! Humans are more dependable than AI.

dadoonet · April 15, 2026, 7:58am

Hey

Glad you solved it but I'm reading again your question and I wanted to ask what do you mean by

I want to retrieve all latest timestamp documents from Index lb-2026.04

Do you want to get the last 10 documents for example?

In which case, you just need to use sort:

GET /lb-2026.04/_search
{
  "sort" : [
    { "@timestamp" : {"order" : "desc"}
  ]
}

You can also get more documents with:

GET /lb-2026.04/_search
{
  "size": 100,
  "sort" : [
    { "@timestamp" : {"order" : "desc"}
  ]
}

Would that solve the question?

TBH: I don't like much modifying the index.max_result_window as it has consequences:

The maximum value of from + size for searches to this index. Defaults to 10000 . Search requests take heap memory and time proportional to from + size and this limits that memory. See Scroll or Search After for a more efficient alternative to raising this.

Topic		Replies	Views
Can elasticsearch list the latest X number of indexed documents across all indexes? Elasticsearch	6	419	July 6, 2017
Display the last 100k documents Elasticsearch	4	231	January 23, 2024
Search API error Elasticsearch Elasticsearch language-clients	12	1566	June 28, 2021
I need to fetch all document but this query only return 10 documents. I'm checking through postman Elasticsearch	2	1102	May 22, 2020
Want to find all document in elastic search in Node JS using aggregation Elasticsearch	6	1322	June 17, 2021

Elasticsearch API request

Related topics