Elasticsearch query sort order index

espogian · June 26, 2018, 10:54am

Hi,

if - in a Elasticsearch filter plugin - I do the following:

elasticsearch {
	hosts => ["elasticsearch:9200"]
	index => ["logstash-*"]
...

And let's assume I have several Logstash indexes like e.g.

logstash-2018.06.24
logstash-2018.06.25
logstash-2018.06.26

Where is the query supposed to search? Only in the latest? Only in the oldest? In all of them?

magnusbaeck · June 26, 2018, 6:17pm

It'll search all indexes that match the index name pattern you've given.

espogian · June 26, 2018, 7:18pm

Thank you.

Providing in the elasticsearch filter plugin these settings:

result_size => 1
enable_sort => true

Do you think Logstash will return only the first match found in index logstash-2018.06.24 or something else?

magnusbaeck · June 26, 2018, 7:33pm

Assuming the timestamp is the sort key I'd expect it to return the first document in the first index.

system · July 24, 2018, 7:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sorting search results Elasticsearch	2	751	July 6, 2017
Elasticsearch input query with sorting Logstash	1	639	May 20, 2020
Sorting search results Elasticsearch	1	269	July 6, 2017
Sorting with elasticsearch input Logstash	1	968	July 6, 2017
Elasticsearch filter plugin not sorting properly Logstash	2	291	June 11, 2019