Not able to see the cluster status attribute in monitoring-es index

Elastic Stack Elasticsearch
,
1

I am working on creating an alert around cluster status wherein I am using .monitoring-es-* index to extract the cluster status.

But after doing some initial study, I realized that index does not contain that attribute.

Here is the script and response for reference:
GET .monitoring-es-6-2018.10.03/_search
{
"size": 1
}

Response:

{
  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 315354,
    "max_score": 1,
    "hits": [
      {
        "_index": ".monitoring-es-6-2018.10.03",
        "_type": "doc",
        "_id": "*******************",
        "_score": 1,
        "_source": {
          "cluster_uuid": "********
          "timestamp": "2018-10-03T00:00:47.559Z",
          "interval_ms": 10000,
          "type": "shards",
          "source_node": {
            "uuid": "********",
            "host": "10.0.21.114",
            "transport_address": "********",
            "ip": "*******",
            "name": "instance-0000000008",
            "timestamp": "2018-10-03T00:00:47.559Z"
          },
          "state_uuid": "YfCDPBgGTF2bh4sCDasilw",
          "shard": {
            "state": "STARTED",
            "primary": true,
            "node": "gIPSPXqDT5anM1NI8Y1sTA",
            "relocating_node": null,
            "shard": 0,
            "index": ".watcher-history-7-2018.10.01"
          }
        }
      }
    ]
  }
}
2

that index contains different kinds of documents, this one being returned was from type=shards. Search for a few more and you wil lsee, there are different types with different content.

--Alex

3

If I have to filter on type attribute, how can I do that?

4

by using a term query or a match query on the type field

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.