Search api not returning the results

ritusingh · February 8, 2021, 7:54am

Hi,
I want to get the logs from all the indices in elasticsearch for which I am using following search API.

https://localhost:9200/_search?pretty=true

Output:

{
    "took": 28,
    "timed_out": false,
    "_shards": {
        "total": 77,
        "successful": 77,
        "skipped": 0,
        "failed": 0
    },
    "hits": {
        "total": {
            "value": 10000,
            "relation": "gte"
        },
        "max_score": 1,
        "hits": [
            {
                "_index": ".kibana_1",
                "_type": "_doc",
                "_id": "space:default",
                "_score": 1,
                "_source": {
                    "space": {
                        "name": "Default",
                        "description": "This is your default space!",
                        "color": "#00bfb3",
                        "disabledFeatures": [],
                        "_reserved": true
                    },
                    "type": "space",
                    "references": [],
                    "migrationVersion": {
                        "space": "6.6.0"
                    },
                    "updated_at": "2020-10-30T09:42:35.434Z"
                }
            },
            {
                "_index": ".kibana_1",
                "_type": "_doc",
                "_id": "visualization:9222cd00-1cd8-11eb-b9f1-333a51f1559f",
                "_score": 1,
                "_source": {
                    "visualization": {
                        "title": "customer_journey_table",
                        "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"host_name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"httpmethod.keyword\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Http_method\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"date_time.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"date_time\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"customer_journey_table\"}",
                        "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
                        "description": "",
                        "version": 1,
                        "kibanaSavedObjectMeta": {
                            "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
                        }
                    },
                    "type": "visualization",
                    "references": [
                        {
                            "name": "kibanaSavedObjectMeta.searchSourceJSON.index",
                            "type": "index-pattern",
                            "id": "162c0440-1cd4-11eb-b9f1-333a51f1559f"
                        }
                    ],
                    "migrationVersion": {
                        "visualization": "7.7.0"
                    },
                    "updated_at": "2020-11-02T06:56:45.520Z"
                }
            },
            {
                "_index": ".kibana_1",
                "_type": "_doc",
                "_id": "visualization:57550c70-1cd7-11eb-b9f1-333a51f1559f",
                "_score": 1,
                "_source": {
                    "visualization": {
                        "title": "Customer_journey",
                        "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"_id\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User_id\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"host_name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Customer_journey\"}",
                        "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
                        "description": "",
                        "version": 1,
                        "kibanaSavedObjectMeta": {
                            "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
                        }
                    },
...........and so on.

Now the problem is, I am not getting the logs inserted by me under _source (only index and some metadata). Please help.

rohitarorait82 · February 8, 2021, 8:27am

Hi @ritusingh : Can you please search with specific index name

https://localhost:9200/ind_name/_search?pretty=true

ritusingh · February 8, 2021, 8:29am

Thanks for reply Rohit,
If I go with specific index or even a wildcard expression like ola*, it is working , but I want all the indices created by me.

rohitarorait82 · February 8, 2021, 8:43am

@ritusingh : Can you try this
POST https://localhost:9200/*/_search
{
"size": 500,
"sort": [
{
"@timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}
]
}

ritusingh · February 8, 2021, 9:20am

Thanks a lot Rohit. Its working

ritusingh · February 9, 2021, 6:47am

Hi Rohit, there is one doubt , using this solution how can I avoid default indices like .kibana_1, .apm_monitoring etc? And also is it possible that I get only one log from each index?

system · March 9, 2021, 6:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.