How to query logstash elasticsearch API to get all data (Im only seeing data fields, not the actual data)

Garrett_Huff · June 12, 2017, 4:49pm

Hello, im trying to query the elasticsearch index that contains all of my logstash data (http://localhost:9200/logstash-*) but for some reason im not receiving the actual data documents, only the data field names and type. For an example, if i had a data field named "host", when i query the URL above i get back a field "host": {"type": "text", "norms": false, "fields": { "keyword": { "type": "keyword" }}},

Im sure that Im just specifying the wrong URL or something. Can someone tell me how I can query a rest api to return all of my logstash documents?

Thanks

lwintergerst · June 13, 2017, 6:47pm

Hello Garrett,
try using this:
http://localhost:9200/logstash-*/_search

By default you will get 10 documents. If you need more give the size parameter a try:
/_search?size=20

Try not to make the size too large (>10.000)
We talk about the reasons in this chapter of the definitive guide.
https://www.elastic.co/guide/en/elasticsearch/guide/current/pagination.html
Please note that the book is based on 2.x but the same principles still apply.

Let me know if that helps

Luca

system · July 11, 2017, 6:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash: problem for querying elasticsearch Logstash	16	1947	July 6, 2017
How to query the index and only get specific indecies Logstash	3	448	March 27, 2017
Search API Questions Elasticsearch	6	524	July 5, 2017
Elastic Search Logstash how to query all fields and get all fields into pipeline? Logstash	1	266	May 5, 2022
Elasticsearch input plugin size Logstash	8	1399	August 31, 2021

How to query logstash elasticsearch API to get all data (Im only seeing data fields, not the actual data)

Related topics