Export data from Elasticsearch index to a file

Hello,

I'd like to get all the data that I have in an index into a file (text or JSON), or use Logstash to fetch the data and transport it directly to another database (InfluxDB in particular) by using the elasticsearch input and InfluxDB output. Speaking of files, I'd like to transport only the content of the "message" field, without metadata, or in JSON format, so that I can afterwards use Logstash to parse it by using a filter to match the message part.

Anyway, when trying to fetch the data with:

POST index/_search?filter_path=-_shards,-took,-timed_out,-max_score,-_index,-_type
{
  "size": 2, 
  "query": {
    "match_all": {}
  },
  "_source": ["message"]
}

I'm getting the following:

{
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "index",
        "_type" : "_doc",
        "_id" : "iqunQ28BAVPjMLNbeNF9",
        "_score" : 1.0,
        "_source" : {
          "message" : "content_of_the_message"
        }
      },
      {
        "_index" : "index",
        "_type" : "_doc",
        "_id" : "jaunQ28BAVPjMLNbfNFn",
        "_score" : 1.0,
        "_source" : {
          "message" : "content_of_the_message"
        }
      }
    ]
  }
}

The first question, regarding the output: is the output taken from the first record in the index and continuing to the last one?

The second question is whether it's possible to get rid of the metadata like "_index", "_type", etc. and get only the content of the message field?

And of course the last and the most important question is what's the easiest way to get data (messages) from the index?
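
One way to export only the "message" values, in a defined order from first hit to last, is to page with the search body's `sort` and `search_after` parameters and keep just `_source.message` from each hit. This is an added example, not code from the original post; `fake_search` is a hypothetical stand-in for `POST index/_search`, the documents are constructed, and the unique numeric sort field `seq` is an assumption.

```python
import io
import json

# Constructed sample documents standing in for the index contents.
SAMPLE_DOCS = [
    {"_index": "index", "_type": "_doc", "_id": f"id{n}", "_score": None,
     "_source": {"message": f"message {n}"}, "sort": [n]}
    for n in range(1, 6)
]
SAMPLE_DOCS.append({"_index": "index", "_type": "_doc", "_id": "id6",
                    "_score": None, "_source": {}, "sort": [6]})  # no "message"


def fake_search(body):
    """Hypothetical stand-in for POST index/_search; honours size and search_after."""
    after = body.get("search_after", [0])[0]
    page = [d for d in SAMPLE_DOCS if d["sort"][0] > after][: body["size"]]
    return {"hits": {"hits": page}}


def extract_messages(response):
    """Return only _source.message from a search response, skipping hits without it."""
    hits = response.get("hits", {}).get("hits", [])
    return [h["_source"]["message"] for h in hits
            if "message" in h.get("_source", {})]


def export_messages(search, out, page_size=2, sort_field="seq"):
    """Page through every hit in sort order and write one JSON string per line."""
    # "seq" is an assumed unique field; any unique sortable field works.
    body = {"size": page_size, "query": {"match_all": {}},
            "_source": ["message"], "sort": [{sort_field: "asc"}]}
    written = 0
    while True:
        response = search(body)
        hits = response["hits"]["hits"]
        if not hits:
            return written
        for message in extract_messages(response):
            out.write(json.dumps(message) + "\n")
            written += 1
        # Resume after the last hit's sort values so no page is repeated.
        body["search_after"] = hits[-1]["sort"]


if __name__ == "__main__":
    buf = io.StringIO()
    print(export_messages(fake_search, buf), "messages exported")
    print(buf.getvalue(), end="")
```

Against a real cluster, `filter_path=hits.hits._source,hits.hits.sort` trims each response to the message content plus the sort values the loop needs, because the metadata fields are nested under `hits.hits` rather than at the top level.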
