dadoonet
April 8, 2021, 9:25am
42
Could start again from the beginning? When there is no pit yet?
Something like:
POST /INDEXNAME/_pit?keep_alive=5m
And then share here the request AND the response.
Then run:
POST /_search
{
"size":1,
"_source":[
"kubernetes.container.name",
"kubernetes.namespace",
"message",
"@timestamp"
],
"query":{
"bool":{
"must":{
"match":{
"message":"exception"
}
},
"filter":{
"range":{
"@timestamp":{
"gte":"2021-04-06T01:00:00",
"lte":"2021-04-06T18:00:00"
}
}
}
}
},
"pit":{
"id":"PIT_ID_THAT_YOU_GOT",
"keep_alive":"5m"
},
"sort":[
{
"@timestamp":"asc"
}
]
}
And share here the request AND the result. Note that I set size: 1 so the result will be small enough to be pasted here.
Hi David,
PIT ID
Still same error
"root_cause" : [
POST /_search
{
"size":1,
"_source":[
"kubernetes.container.name",
"kubernetes.namespace",
"message",
"@timestamp"
],
"query":{
"bool":{
"must":{
"match":{
"message":"exception"
}
},
"filter":{
"range":{
"@timestamp":{
"gte":"2021-04-06T01:00:00",
"lte":"2021-04-06T18:00:00"
}
}
}
}
},
"pit":{
"id":"48myAwcaZGV2Mi1hcHBsb2dzLWJlLTIwMjEuMDQuMDgWY1d0MzhzSERRZnF6eGNNLVJubko0QQAWWWNmSml6aVdRR21yNFJpTWZ5U3FCdwAAAAAAAA0paBZveVVmVFRUM1JwVzFOcXpvSF9ITW5BABpkZXYyLWFwcGxvZ3MtYmUtMjAyMS4wNC4wNRZqWlAyYXdwSVRTS1hqRUh4bGI2Uk93ABZjUDZQYl9zcVJsQ0h1Sk5JS2RaRERnAAAAAAAAAmldFm9Ec1FORjQyUXZpam5VYTB4ekh2Y3cAGmRldjItYXBwbG9ncy1iZS0yMDIxLjA0LjA3FmFEQWotRURYU2pHbjVBdm1mTWtSNGcAFlljZkppemlXUUdtcjRSaU1meVNxQncAAAAAAAANKVwWb3lVZlRUVDNScFcxTnF6b0hfSE1uQQAaZGV2Mi1hcHBsb2dzLWJlLTIwMjEuMDQuMDIWTmNudXJCdS1UMldVQWtHcnhyR3NDZwAWY1A2UGJfc3FSbENIdUpOSUtkWkREZwAAAAAAAAJpXBZvRHNRTkY0MlF2aWpuVWEweHpIdmN3ABpkZXYyLWFwcGxvZ3MtYmUtMjAyMS4wNC4wNhZDUGRfUF9RMVJEdVMxYmpLNlViSWJBABZFamdFTTBoaFIyV0RzMF9DbkcycFFRAAAAAAAAAe06FnVVazE1dXRWVDJDTmdKWFUtekNRMmcAGmRldjItYXBwbG9ncy1iZS0yMDIxLjA0LjA0FkRNUUpHd1l3VHlLbjVJM0JOSlZRSGcAFkVqZ0VNMGhoUjJXRHMwX0NuRzJwUVEAAAAAAAAB7TkWdVVrMTV1dFZUMkNOZ0pYVS16Q1EyZwAaZGV2Mi1hcHBsb2dzLWJlLTIwMjEuMDQuMDMWZlhWT2FjR3hRRktFSDlhekNZNlBZQQAWRWpnRU0waGhSMldEczBfQ25HMnBRUQAAAAAAAAHtOBZ1VWsxNXV0VlQyQ05nSlhVLXpDUTJnAAcWRE1RSkd3WXdUeUtuNUkzQk5KVlFIZwAAFmNXdDM4c0hEUWZxenhjTS1Sbm5KNEEAABZmWFZPYWNHeFFGS0VIOWF6Q1k2UFlBAAAWQ1BkX1BfUTFSRHVTMWJqSzZVYkliQQAAFmFEQWotRURYU2pHbjVBdm1mTWtSNGcAABZqWlAyYXdwSVRTS1hqRUh4bGI2Uk93AAAWTmNudXJCdS1UMldVQWtHcnhyR3NDZwAA",
"keep_alive":"5m"
},
"sort":[
{
"@timestamp":"asc"
}
]
}
I executed same thing in devtools, working fine.
I need to do same thing in server.
{@timestamp " : "2021-04-06T06:06:11.335Z",http://wcc-monitor.corp.hpicloud.net:9411/api/v2/spans ": connect timed out; nested exception is java.net.SocketTimeoutException: connect timed out}]"""
dadoonet
April 8, 2021, 10:22am
45
Please read again:
And:
Please format ALL the code parts as you did for only the last part of the code in this answer Elasticsearch query time range issue - #43 by suresh123 .
Hi David,
It woks perfectly. Let me get more then 1 lakh count.
Thanks
Hi David,
I am getting sort for every request
"sort" : [
So, which sort numbers I need to add in search_after ?
There are thousands of sorts, which sort numbers i need to give exactly
{
"_index" : "dev-nginx-logs-2021.04.08",
"_type" : "_doc",
"_id" : "ROTPrngBm5biRIvY1qF3",
"_score" : null,
"_source" : {
"request" : "image1",
"referrer" : "-",
"response_code" : 404,
"@timestamp" : "2021-04-08T00:09:19.193Z"
},
"sort" : [
1617840559193,
4294968280
]
},
{
"_index" : "dev-nginx-logs-2021.04.08",
"_type" : "_doc",
"_id" : "KuvPrngB9h4iHZ0t9DoD",
"_score" : null,
"_source" : {
"request" : "/images/windows_image",
"referrer" : "-",
"response_code" : 404,
"@timestamp" : "2021-04-08T00:09:26.194Z"
},
"sort" : [
1617840566194,
4294968281
]
},
This is the search_after which sort I need to give.
Hi David,
I took last value as it is giving Ascending order.
Thanks
dadoonet
April 8, 2021, 12:27pm
51
I think everything is good. So we can close this long thread now.
Feel free to open a new question if needed.
system
May 6, 2021, 12:42pm
53
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.