Hi,
I am trying to pull data from Elasticsearch through a Python script. I am using a wildcard to select the index, but it seems that somehow it's not working properly.
Here is my script:
from elasticsearch import Elasticsearch

# jobid is defined elsewhere in the script
es = Elasticsearch([{'host': 'nofcnl004', 'port': 9200}])
res = es.search(index='event*', doc_type='lsbevent', body={"query": {"match": {"jobid": jobid}}})
for doc in res['hits']['hits']:
    print("%s %s %s" % (doc['_source']['jobid'], doc['_source']['event_time'], doc['_source']['status']))
I see the output is:
2943736 Thu Mar 15 13:57:31 a
2943736 Thu Mar 15 13:57:31 b
2943736 Thu Mar 15 12:43:03 c
2943736 Thu Mar 15 13:57:31 d
2943736 Thu Mar 15 13:56:11 e
2943736 Thu Mar 15 13:56:11 f
2943736 Thu Mar 15 13:56:11 g
2943736 Thu Mar 15 13:57:31 h
2943736 Fri Mar 16 13:23:13 i
2943736 Fri Mar 16 13:23:32 j
But if I use the index event-2018.03.30, it shows this output:
2943736 Fri Mar 30 04:35:56 a
2943736 Fri Mar 30 04:36:33 b
2943736 Fri Mar 30 04:36:31 c
2943736 Fri Mar 30 04:36:31 d
2943736 Fri Mar 30 04:36:32 e
2943736 Fri Mar 30 04:39:19 f
2943736 Fri Mar 30 04:39:20 g
My question is: why is it not showing the Mar 30 data when I use a wildcard on the index (event*)? Is there any restriction on displaying a particular number of documents by default in Python? If yes, how do I remove this in the Python script?
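
The wildcard output in the post has exactly ten rows, which matches the Elasticsearch default of `size` = 10 hits per search, taken by relevance score across every index the pattern matches. The sketch below is an added example, not part of the original post: it pages through all hits with the scroll API. It assumes `es` is an elasticsearch-py client (only its `search`, `scroll` and `clear_scroll` methods are used); `fetch_all`, `StubClient` and the sample documents are constructed here so it runs offline.

```python
def fetch_all(es, index, query, page_size=500, keep_alive="2m"):
    """Yield every matching document instead of only the first page of hits."""
    page = es.search(index=index, body={"query": query},
                     size=page_size, scroll=keep_alive)
    scroll_id = page.get("_scroll_id")
    try:
        while page["hits"]["hits"]:
            for doc in page["hits"]["hits"]:
                yield doc
            page = es.scroll(scroll_id=scroll_id, scroll=keep_alive)
            scroll_id = page.get("_scroll_id", scroll_id)
    finally:
        if scroll_id:
            es.clear_scroll(scroll_id=scroll_id)  # release the server-side context


class StubClient:
    """Constructed in-memory stand-in for the client so the example runs offline."""
    def __init__(self, docs):
        self.docs, self.pos, self.size = docs, 0, 10
        self.cleared = False

    def _page(self):
        hits = self.docs[self.pos:self.pos + self.size]
        self.pos += len(hits)
        return {"_scroll_id": "constructed-id", "hits": {"hits": hits}}

    def search(self, index, body, size=10, scroll=None):
        self.pos, self.size = 0, size  # size defaults to 10, as on the server
        return self._page()

    def scroll(self, scroll_id, scroll):
        return self._page()

    def clear_scroll(self, scroll_id):
        self.cleared = True


def demo():
    # Constructed sample: 17 events for one job spread over several daily indices.
    docs = [{"_index": "event-x", "_source": {"jobid": 2943736, "status": chr(97 + i)}}
            for i in range(17)]
    es = StubClient(docs)
    first_page = es.search(index="event*", body={})["hits"]["hits"]
    everything = list(fetch_all(es, "event*", {"match": {"jobid": 2943736}}, page_size=5))
    return len(first_page), len(everything), es.cleared
```

For a small, known number of documents, passing a larger `size` to the single `search` call is enough; scrolling is for result sets too large to fetch in one response.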