Scroll parameter to get all the values from ES indices

Blason · December 9, 2019, 2:12pm

Hi Folks,

I am running this query to get the IP addresses from ES indices however I noticed that I am unable to get all the src_ips and then found the scroll parameter.

Can someone please confirm if scroll API will help me find all the src_ips since beginning?

curl -s -XGET "https://127.0.0.1:16577/$INDICES/_search" -H 'Content-Type: application/json' -d'
{
  "aggs": {
    "ips": {
      "terms": { "field": "src_ip.keyword", "size": 10000 }
      }
    },
  "size" : 0
  }'
}

Mark_Harwood · December 11, 2019, 9:06am

If you want just the IPs and none of the docs you should use the composite aggregation and page results with the after parameter rather than use the terms aggregation

Blason · December 11, 2019, 6:01pm

Hmm..would you please paste an example here? I am unable to co-relate how do I connect with my above query.

Mark_Harwood · December 11, 2019, 9:43pm

Change the word “terms” in your example to “composite”. Then read the docs on how to get the next 10000 using the “after” parameter

system · January 8, 2020, 9:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
230k aggregation trying to get an output Elasticsearch	3	389	June 22, 2019
Get all documents from an index Elasticsearch	10	107208	June 21, 2017
How to download data from an elasticsearch index Elasticsearch	13	27948	May 14, 2021
Scroll in ElasticSearch Aggregation Elasticsearch	7	10605	December 27, 2019
Help needed with Proper usage of scroll api using python: Getting the same results Elasticsearch	5	2116	July 13, 2018

Scroll parameter to get all the values from ES indices

Related topics