PHP-Elasticsearch not returning all results like Kibana

Veer_Shubhranshu_Shr · July 29, 2016, 10:11am

Hi,

We have configured ELK for our server logs.

We want to query elasticsearch using PHP. Below is our code:

//Change URL Accordingly
$elasticServer = ["172.29.106.202:9200"]; //Server IP / Name

//Create Elastic Search Object
$client = Elasticsearch\ClientBuilder::create()
	    ->setHosts($elasticServer)
	    ->setRetries(0)
	    ->build();

$result = new stdClass();

$params = array();
$params['index'] = '*'; //search all index
$params['type'] = 'Beta Logs from 51.66';
$params['body']['query']['match']['message'] =  "Action:read_session";
$result->searches = $client->search($params);

This returns a set of data. But however, the data returned is not similar to what I get from Kibana UI.

Any explanation? or change in the code?

colings86 · July 29, 2016, 12:13pm

Could you explain how the results from this code differ from the results you see in Kibana? Without this it's going to be very hard for someone to give you a reason why you see a difference. Can you also tell us which versions of Kibana and Elasticsearch you are using?

Veer_Shubhranshu_Shr · August 1, 2016, 4:24am

Total of 54 results are shown from Kibana - Discover Tab, whereas only few results (17) are returned from PHP Library. I am using Kibana 4.5 and Elasticsearch 2.3.2.