Scroll parameter to get all the values from ES indices

Blason · December 9, 2019, 2:12pm

Hi Folks,

I am running this query to get the IP addresses from ES indices however I noticed that I am unable to get all the src_ips and then found the scroll parameter.

Can someone please confirm if scroll API will help me find all the src_ips since beginning?

curl -s -XGET "https://127.0.0.1:16577/$INDICES/_search" -H 'Content-Type: application/json' -d'
{
  "aggs": {
    "ips": {
      "terms": { "field": "src_ip.keyword", "size": 10000 }
      }
    },
  "size" : 0
  }'
}

Mark_Harwood · December 11, 2019, 9:06am

If you want just the IPs and none of the docs you should use the composite aggregation and page results with the after parameter rather than use the terms aggregation

Blason · December 11, 2019, 6:01pm

Hmm..would you please paste an example here? I am unable to co-relate how do I connect with my above query.

Mark_Harwood · December 11, 2019, 9:43pm

Change the word “terms” in your example to “composite”. Then read the docs on how to get the next 10000 using the “after” parameter

Topic		Replies	Views
Java Scroll Api with aggregation Elasticsearch	1	316	March 1, 2021
API Requesting all documents in a certain range Elasticsearch	5	638	February 10, 2018
230k aggregation trying to get an output Elasticsearch	3	414	June 22, 2019
Get all documents from an index Elasticsearch	10	110947	June 21, 2017
Query and return all of the results Elasticsearch	5	34965	July 5, 2017

Scroll parameter to get all the values from ES indices

Related topics