Exploring an index


(llowder@oreillyauto.com) #1

I'm pretty new to elasticsearch, and I have an index I did not create that
I am trying to explore and learn about.

Most of the examples I have seen on the website seem to assume that "id" is
known when using a get (it's generated, based on some sort of hashing)

I tried doing a search to get a listing:

curl -XPOST 'http://localhost:9200/graylog2/message?pretty=true' -d '{
"fields" : ["_level", "_severity", "_Severity", "facility", "_loglevel",
"level"], "query" : { "facility" : "TeamMemberStatusChange" } }
}'
{
"ok" : true,
"_index" : "graylog2",
"_type" : "message",
"_id" : "FvOjHTRvQj-F6_T3f5Rkxw",
"_version" : 1
}
and

curl -XPOST 'http://localhost:9200/graylog2/m_search?pretty=true' -d '{
"fields" : ["_level", "_severity", "_Severity", "facility", "_loglevel",
"level"], "query" : { "facility" : "TeamMemberStatusChange" } } }'
{
"ok" : true,
"_index" : "graylog2",
"_type" : "m_search",
"_id" : "X6gushGRQyq87yQp4A2r_A",
"_version" : 1
}

Am I not understanding what I've read in the docs, or is there something
else I am doing wrong?

Any suggestions or pointers would be much appreciated.


(Ivan Brusic) #2

First of all, you should be using GET requests and not POST. Not sure
if POST works (I do not use REST), but it is best to stick with GET.

Most importantly, you are missing the actual endpoint for a service.
The URL you are using has graylog2 as the index and m_search as the
type. After that, you need to specify a service endpoint such as
_search.

http://www.elasticsearch.org/guide/reference/api/search/

Your query is also incorrect. Not sure what you are after, but you can
view a few examples here:
http://www.elasticsearch.org/guide/reference/query-dsl/ Any of those
queries will go inside you query block.

Cheers,

Ivan

On Mon, Jun 11, 2012 at 2:49 PM, llowder@oreillyauto.com
llowder@oreillyauto.com wrote:

I'm pretty new to elasticsearch, and I have an index I did not create that I
am trying to explore and learn about.

Most of the examples I have seen on the website seem to assume that "id" is
known when using a get (it's generated, based on some sort of hashing)

I tried doing a search to get a listing:

curl -XPOST 'http://localhost:9200/graylog2/message?pretty=true' -d '{
"fields" : ["_level", "_severity", "_Severity", "facility", "_loglevel",
"level"], "query" : { "facility" : "TeamMemberStatusChange" } }
}'
{
"ok" : true,
"_index" : "graylog2",
"_type" : "message",
"_id" : "FvOjHTRvQj-F6_T3f5Rkxw",
"_version" : 1
}
and

curl -XPOST 'http://localhost:9200/graylog2/m_search?pretty=true' -d '{
"fields" : ["_level", "_severity", "_Severity", "facility", "_loglevel",
"level"], "query" : { "facility" : "TeamMemberStatusChange" } } }'
{
"ok" : true,
"_index" : "graylog2",
"_type" : "m_search",
"_id" : "X6gushGRQyq87yQp4A2r_A",
"_version" : 1
}

Am I not understanding what I've read in the docs, or is there something
else I am doing wrong?

Any suggestions or pointers would be much appreciated.


(Clinton Gormley) #3

On Mon, 2012-06-11 at 15:27 -0700, Ivan Brusic wrote:

First of all, you should be using GET requests and not POST. Not sure
if POST works (I do not use REST), but it is best to stick with GET.

POST works for search too, because Javascript doesn't allow GET requests
with a body.

clint


(llowder@oreillyauto.com) #4

On Monday, June 11, 2012 5:27:45 PM UTC-5, Ivan Brusic wrote:

First of all, you should be using GET requests and not POST. Not sure
if POST works (I do not use REST), but it is best to stick with GET.

Most importantly, you are missing the actual endpoint for a service.
The URL you are using has graylog2 as the index and m_search as the
type. After that, you need to specify a service endpoint such as
_search.

The m_search was actually a typo, but I've corrected that.

http://www.elasticsearch.org/guide/reference/api/search/

Your query is also incorrect. Not sure what you are after, but you can
view a few examples here:
http://www.elasticsearch.org/guide/reference/query-dsl/ Any of those
queries will go inside you query block.

I had looked at those, but am still somewhat confused.

I have a field that has various webapps that we host as it's value. I'm
trying to do a query based on the app names.

The field name is facility.

I tried:

curl -XPOST 'http://localhost:9200/graylog2/message/_search?pretty=true' -d
'{ "query_string" : { "default_field" : "facility", "query" :
"TeamMemberStatusChange" } }'

but got:

{
"error" : "SearchPhaseExecutionException[Failed to execute phase
[query_fetch], total failure; shardFailures
{[z_9NhCT0TfCuibOP4trExQ][graylog2][0]: SearchParseException[[graylog2][0]:
from[-1],size[-1]: Parse Failure [Failed to parse source [{
"query_string" : { "default_field" : "facility", "query" :
"TeamMemberStatusChange" } }]]]; nested:
SearchParseException[[graylog2][0]: from[-1],size[-1]: Parse Failure [No
parser for element [query_string]]]; }]",
"status" : 500
}

This was based off the example found at:
http://www.elasticsearch.org/guide/reference/query-dsl/query-string-query.html

I also tried the example from
http://www.elasticsearch.org/guide/reference/query-dsl/field-query.html :

curl -XPOST 'http://localhost:9200/graylog2/message/_search?pretty=true' -d
'{ field" : { "facility" : "+TeamMemberStatusChange" } }'

{
"error" : "SearchPhaseExecutionException[Failed to execute phase
[query_fetch], total failure; shardFailures
{[z_9NhCT0TfCuibOP4trExQ][graylog2][0]: SearchParseException[[graylog2][0]:
from[-1],size[-1]: Parse Failure [Failed to parse source [{ "field" : {
"facility" : "+TeamMemberStatusChange" } }]]]; nested:
SearchParseException[[graylog2][0]: from[-1],size[-1]: Parse Failure [No
parser for element [field]]]; }]",
"status" : 500
}

I'm going to try watching some of the videos, but so far I am thoroughly
confused at this point.


(Crwe) #5

I tried:

curl -XPOST 'http://localhost:9200/graylog2/message/_search?pretty=true'-d
'{ "query_string" : { "default_field" : "facility", "query" :
"TeamMemberStatusChange" } }'

I think you need to wrap the data part in a "query": { ... } block.
The examples on the web are a bit tricky that way -- getting the whole
syntax to a working state is sometimes not trivial. And it gets even
crazier with more advanced syntax, like custom_score :slight_smile:


(system) #6