Getting index status from monitoring data index .monitoring-es-*

I'm trying to get an output of all the indices that are not in green state from monitoring data, but not able to using elastic queries. Tried standard filters/must and also script. Below is the observation

index_stats.status provides the status of indice, but it is only available as part of _source. Reason, the mapping for monitoring indice doesn't include it for index_stats, and dynamic is false for mapping. So I'm not able to filter/query. I have to get all the indices info, and filter in any further scripting. To get all the indices info, I have to change the output size of terms in aggregation.

Is there a way to filter out on status directly in queries. If not, we may need new request in git to put field mappings for known values like status in xpack monitoring indice mapping.

NOTE: Script filter is not working as it doesn't support _source.index_status.status. _source is not supported. It is also discussed in Accessing _source from script search in 5.0

Hi Karthik,

The index_stats.status field was added to the Elasticsearch monitoring collector, but it is not yet consumed by our monitoring UI. That is why it is not yet mapped.

You can use this field in your own queries, but first you'd need to add your own index template for the .monitoring-es-* indices.

Just make sure whenever you add an index template for a system index, it doesn't conflict with any fields that are in use.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.