Hi All,
I am using metricbeat to monitor the system metrics like cpu, process, memory etc.. and the data is sending to elasticsearch directly and I am trying to write elasticsearch query to fetch the specific fields from the metricbeat index and below is the query I tried,
GET metricbeat-2018.10.05/_search
{
"_source": {
"includes": [
"@timestamp",
"system.cpu.idle.pct"
]
},
"query": {
"match_all": {}
}
}
and below is the response from the query,
{
"took": 7,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1014212,
"max_score": 1,
"hits": [
{
"_index": "metricbeat-2018.10.05",
"_type": "doc",
"_id": "nJKXQ2YBcZrVnoszPvSG",
"_score": 1,
"_source": {
"@timestamp": "2018-10-05T09:37:56.234Z"
}
},
{
"_index": "metricbeat-2018.10.05",
"_type": "doc",
"_id": "npKXQ2YBcZrVnoszPvSG",
"_score": 1,
"_source": {
"@timestamp": "2018-10-05T09:37:56.234Z"
}
}
I am not sure why the "system.cpu.idle.pct" field is not showing in the output response. Though I checked the mapping of the index and I can see that there is "no nested" type for that fields and below is the mapping of the index,
"system": {
"properties": {
"cpu": {
"properties": {
"cores": {
"type": "long"
},
"idle": {
"properties": {
"pct": {
"type": "long"
}
}
}
How to get specific fields from the metricbeat index using es query?
Please let me know your thoughts and correct if i am doing anything wrong.
Regards,
Ganeshbabu R