Elasticsearch api returning empty response (python)

I am trying to retrieve elasticsearch data in python using the elasticsearch rest api.
When I attempt to call the search api using the requests python library, the elasticsearch python client, or directly from the command line, I get an empty response that looks like this:
{'took': 0, 'timed_out': False, '_shards': {'total': 0, 'successful': 0, 'skipped': 0, 'failed': 0}, 'hits': {'total': {'value': 0, 'relation': 'eq'}, 'max_score': 0.0, 'hits': []}}

This response has a code of 200 and no errors occur. When I tried running the same request in the elasticsearch API console, however, I get the correct, non-empty response.
Can anyone shed some light as to why I can get data from the api console but not by calling the api from python or the command line?
As far as I can tell, the syntax is correct, I have the right permissions, and I double checked the auth codes and endpoint url.

Python code (request library)

HEADERS = {
      'Content-Type': 'application/json',
      'kbn-xsrf': 'reporting',
      'Authorization': 'ApiKey <my_APIKEY>'
  }

url = "https://<my_ENDPOINT_URL>:9243/logs-*/_search"
r = requests.get(url, headers=HEADERS)
print(r)

Python code (Elasticsearch client):

client = Elasticsearch(
      cloud_id=<my_CLOUD_ID>,
      api_key=("<my_api-key-id>", "<my_api-key-secret>")
  )

r = client.search(index="logs-*", query={"match_all": {}})
print(r)
1 Like

This seems to be wrong, it will look for indices that start with logs and end with an hyphen, -.

Is this how it is in your code or it is just a typo?

It should be logs-*.

That was just a typo in my post. The post has been updated.

Fixed the issue. role_descriptors/indices/names needed to be set to "*" in the API Key I was using. The role_descriptors/indices/privileges also needed to include "read" and "view_index_metadata". (see: Create API key API | Elasticsearch Guide [8.10] | Elastic)

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.