Get the hit count in EQL

sanju1323 · June 8, 2023, 12:00pm

Hi,

I'm using the EQL queries for my search and want to get the hits.total.value .
When I try the below query, i'm getting the hits.total.value as 10. But I'm not getting the total count of the hits for the search.

GET logstash-test/_eql/search
{
"query": "any where isalarm =="1""
}

Can someone please help me in getting hit count for the query. (Like I have 167543 hits matching for the above query. I have tried using fetch_size as well but that is not giving me the total count of 167543)

Priscilla_Parodi · June 28, 2023, 7:44pm

Hello @sanju1323,

By default, the size parameter is set to 10, which determines the maximum number of matching events that will be returned. Have you tried setting a higher value for the size parameter to get more hits?

GET logstash-test/_eql/search
{
   "query": "...",
   "size": ...
}

sanju1323 · June 30, 2023, 5:42am

Hi @Priscilla_Parodi,

Thanks for the update.
I have tried giving "size" as higher number. But we need the count of all the matching results.
Which means, if I have 20,000 hits, I want all the hits.

Please suggest.

Thanks

system · July 28, 2023, 5:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"query": { "match_all": {} } shows total:1000 but on console shows only 5 documents Kibana	6	459	April 4, 2018
How to get hits count as a filed value Kibana	5	287	April 20, 2021
I think in elasticsearch it shows the size of 10 by default but instead of 10 i want to set the size to total hits value that i am getting after running the query. I am attaching my query Please help me out Elasticsearch	2	209	September 20, 2021
Size parameter isn't working Elasticsearch	10	2364	July 6, 2017
Pagination Elastic Search Elasticsearch	8	633	March 12, 2019

Get the hit count in EQL

Related Topics