Elasticsearch query sort order index

espogian · June 26, 2018, 10:54am

Hi,

if - in a Elasticsearch filter plugin - I do the following:

elasticsearch {
	hosts => ["elasticsearch:9200"]
	index => ["logstash-*"]
...

And let's assume I have several Logstash indexes like e.g.

logstash-2018.06.24
logstash-2018.06.25
logstash-2018.06.26

Where is the query supposed to search? Only in the latest? Only in the oldest? In all of them?

magnusbaeck · June 26, 2018, 6:17pm

It'll search all indexes that match the index name pattern you've given.

espogian · June 26, 2018, 7:18pm

Thank you.

Providing in the elasticsearch filter plugin these settings:

result_size => 1
enable_sort => true

Do you think Logstash will return only the first match found in index logstash-2018.06.24 or something else?

magnusbaeck · June 26, 2018, 7:33pm

Assuming the timestamp is the sort key I'd expect it to return the first document in the first index.

system · July 24, 2018, 7:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[filter elasticsearch] sort query Logstash	1	938	July 6, 2017
Sorting search results Elasticsearch	2	772	July 6, 2017
Managing queries in Elasticsearch Logstash filter plugin Elasticsearch	5	6622	August 24, 2018
Elasticsearch filter plugin not sorting properly Logstash	2	303	June 11, 2019
Sorting search results Elasticsearch	1	295	July 6, 2017