Hi,
I want to get data from multiple indexes and they might not have same pattern. I tried but it seems that I can get data from single index only at a time because it looks like discover works with only one index. I don't want to run query on on all indexes (because i have 200 indexes and I want to use only 2 indexes for performing search)
So I want something like -
Get data from index1 || index2
Thanks,
Abhishek
It works with patterns. What are your index names?
Lets say for example I have index names -
TEST-2015-12-30
TEST-2015-12-31
TEST-2016-01-01
TEST-2016-01-02
and i want data from TEST-2015-12-31 and TEST-2016-01-01 only..
Well, you could use a pattern like TEST-* and then limit the timeframe to those two days.
But I don't think it's exactly what you want.
My concern is it matches all indexes (TEST-*) and i believe it will end up searching all documents in all index where as i really want is last 2 daysof index to show on graphs. Like anytime i open a graph I want to see today's and yesterday's data only because i have around 50 billion records and around more than 60 indexes with any one pattern (like 60 days of data)
KB doesn't do that, if you want a specific timeframe it will only query the indices that have data that match it.
and how it knows that? I mean i can have index with any name (including date in index doesnt mean anything thats what i think) So finally it needs to go to the document in each index and check the timestamp field in document to decide right ?
It uses https://www.elastic.co/guide/en/elasticsearch/reference/current/search-field-stats.html
I should note, this only applies to newer versions of KB, I think it was used from 4.3 or so onwards.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.