How to get the max timestamp of an elastic search index?

ranganath_nangineni · May 28, 2018, 9:55am

Hi,

I have this requirement to verify the gap between logstash and elasticsearch processing .
For this , I need to get the max timestamp of the recent index entry.

Any input from the community regrading this ?

Christian_Dahlqvist · May 28, 2018, 11:29am

Run a max aggregation on the @timestamp field.

ranganath_nangineni · May 28, 2018, 12:09pm

Thanks for the update.

The output is showing all the metadata , how can I remove the metadata just to get the required value string .
Say

curl -XGET "http://localhost:9200/xyzindexpattern-*/_search?size=0" -H 'Content-Type: application/json' -d'

{
"aggs": {
"max_timestamp": {
"max": {
"field": "@timestamp"
}
}
}
}'
{"took":171,"timed_out":false,"_shards":{"total":135,"successful":135,"skipped":0,"failed":0},"hits":{"total":15841418,"max_score":0.0,"hits":},"aggregations":{"max_timestamp":{"value":1.527507651411E12,"value_as_string":"2018-05-28T11:40:51.411Z"}}}

in this I just need only "2018-05-28T11:40:51.411Z" should be displayed as the output.

Christian_Dahlqvist · May 28, 2018, 2:16pm

I think you will need to parse it out from that response.

system · June 25, 2018, 2:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.