How to query logstash elasticsearch API to get all data (Im only seeing data fields, not the actual data)

Garrett_Huff · June 12, 2017, 4:49pm

Hello, im trying to query the elasticsearch index that contains all of my logstash data (http://localhost:9200/logstash-*) but for some reason im not receiving the actual data documents, only the data field names and type. For an example, if i had a data field named "host", when i query the URL above i get back a field "host": {"type": "text", "norms": false, "fields": { "keyword": { "type": "keyword" }}},

Im sure that Im just specifying the wrong URL or something. Can someone tell me how I can query a rest api to return all of my logstash documents?

Thanks

lwintergerst · June 13, 2017, 6:47pm

Hello Garrett,
try using this:
http://localhost:9200/logstash-*/_search

By default you will get 10 documents. If you need more give the size parameter a try:
/_search?size=20

Try not to make the size too large (>10.000)
We talk about the reasons in this chapter of the definitive guide.
https://www.elastic.co/guide/en/elasticsearch/guide/current/pagination.html
Please note that the book is based on 2.x but the same principles still apply.

Let me know if that helps

Luca

Topic		Replies	Views
Retrieve multiple documents in elasticsearch filter Logstash	3	900	August 26, 2019
Elastic Search API queries for index logs Elasticsearch elastic-agent	4	606	October 21, 2020
REST calls for elastic search Elasticsearch	2	483	July 5, 2017
How to get all documents in Elasticsearch? Elasticsearch	4	1054	March 8, 2018
Not able to get expected output from elasticsearch through logstash pipeline Logstash	4	529	January 11, 2018

How to query logstash elasticsearch API to get all data (Im only seeing data fields, not the actual data)

Related topics