Hi Folks,
I am running this query to get the IP addresses from ES indices however I noticed that I am unable to get all the src_ips and then found the scroll parameter.
Can someone please confirm if scroll API will help me find all the src_ips since beginning?
curl -s -XGET "https://127.0.0.1:16577/$INDICES/_search" -H 'Content-Type: application/json' -d'
{
"aggs": {
"ips": {
"terms": { "field": "src_ip.keyword", "size": 10000 }
}
},
"size" : 0
}'
}
If you want just the IPs and none of the docs you should use the composite aggregation and page results with the after parameter rather than use the terms aggregation
Hmm..would you please paste an example here? I am unable to co-relate how do I connect with my above query.
Change the word “terms” in your example to “composite”. Then read the docs on how to get the next 10000 using the “after” parameter
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.