Search From Multiple Indexes

Gaurav_Patel · August 9, 2018, 7:03am

Is there a way to search records from multiple indexes?

Here is requirement, we are receiving 200 GB data per day, Also, i need to delete data based day wise,
so i am planing to build index on daily bases, so i can easily remove entire index.

if user search for 1 week of data, i need to search data from 7 different Indexes.
How can i search from multiple Indexes?

Also, if i delete data from existing records, will index rebuild automatically or I need to do it manually?

Regards,
Gaurav Patel

dadoonet · August 9, 2018, 8:12am

Just use index aliases. That's very convenient.
Or search in foo-* that will work as well.

Gaurav_Patel · August 9, 2018, 8:53am

Thanks a lot @dadoonet for quick reply, I am new to elasticsearch and with .net background. Could you please provide any reference or sample of it to go through. it will help me lot.

dadoonet · August 9, 2018, 8:56am

Searching in multiple indices. Imagine this scenario:

DELETE foo-1,foo-2,foo-3
POST foo-1/_doc
{
  "foo": "bar"
}
POST foo-2/_doc
{
  "foo": "bar"
}
POST foo-3/_doc
{
  "foo": "bar"
}

To search within all indices, run:

GET /_search

To search in indices starting with foo-, run:

GET foo-*/_search

About index aliases, read: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html

Gaurav_Patel · August 9, 2018, 10:03am

Thank you very much @dadoonet, for your quick response and support. Rally appreciate.

Gaurav_Patel · August 10, 2018, 12:09pm

Hi @dadoonet

Below Indexes are created as per guidance and data is inserted into it.

e.g
logs-2018-5-25,

timestamp": "2018-05-25T01:24:18.595Z
SourceId: 1
Data:"Sample Data"

logs-2018-5-28,
timestamp": "2018-05-28T01:24:18.595Z
SourceId: 1
Data:"Sample Data"

logs-2018-5-31
timestamp": "2018-05-31T01:24:18.595Z
SourceId: 1
Data:"Sample Data"

If i want to search records for date "2018-05-25" and "2018-05-28", Is their any way i can set those value into "Routing" options of "SearchRequest". or is their any other way so that instead of looking into all available Indexes under Aliases?

dadoonet · August 10, 2018, 12:18pm

Add a date range query in your query.

Gaurav_Patel · August 10, 2018, 12:51pm

Hi, @dadoonet,

I added date into filers, see below code. Even though its going to search in all indexes instead of two. See attached image.

var queryForm = new TermQuery
{
Field = "extendedData.name",
Value = "bothnull1"
};

        var rangeQuery = new DateRangeQuery
        {
            Field = "timestamp",
            GreaterThanOrEqualTo = new DateTime(2018, 05, 25),
            LessThanOrEqualTo = new DateTime(2018, 06, 28)
        };

        
        SearchRequest requ = new SearchRequest("callogs-*");            
        requ.Query = (queryForm && rangeQuery);

dadoonet · August 10, 2018, 1:03pm

Yes. Is that a problem? Specifically if you add that within a filter clause of a bool query.

dadoonet · August 10, 2018, 1:13pm

I mean that if you really want to set on which indices you want to work, you should do something like:

SearchRequest requ = new SearchRequest("callogs-2018-05-25","callogs-2018-05-26", ...);

Or use date math like: https://www.elastic.co/guide/en/elasticsearch/reference/current/date-math-index-names.html

Gaurav_Patel · August 10, 2018, 1:17pm

Thanks a lot @dadoonet for your quick response and guidance. let me go through it.

Rally appreciate your support and help.

Gaurav_Patel · August 28, 2018, 5:32am

Hi @dadoonet

Need your guidance for some points.

Can i pass sql query to Search() method of ElasticClient?

Like "Select * from callogs where ...." to Search() method of ElasticClient? I am using "NEST" package for
my .net applicaton?
My application provide dynamically creation facility, application convert user criteria into sql server WHERE condition runtime , is their way i can convert sql WHERE condition into Elastic compatible
What parameter i need to pass to NOT convert filed to lower case while creating index?
e.g Public Class Logs{

public string AppUserName{get;set;}
public string AssemblyName{get;set;}

}

When i pass object of Employee for indexing it convert "AppUserName" to "appUserName" and "AssemblyName" to "assemblyName", how can i ignore converting property name to lower case.

I read some where that Elastic provide queuing facility, it is true? can you please provide me some detail of it.

forloop · August 28, 2018, 11:15pm

@Gaurav_Patel

rather than add additional questions onto a specific question about multiple indices, it would be better to open a new question(s); they'll get more visibility as new questions, and it'll also be easier for others to find the answers if they have similar questions in the future.

Gaurav_Patel · August 29, 2018, 7:43am

Sure Sir, let me post as separate questions.

system · September 26, 2018, 7:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query data from multiple indexes Elasticsearch	5	414	December 14, 2018
Data in different indexes Elasticsearch	2	369	January 9, 2017
Is it possible to filter multiple records of one index from another index in elasticsearch query? Elasticsearch	2	1213	January 1, 2020
How to search across multiple indices in single query? Logstash	2	260	July 13, 2020
Is there a Way Fetch Data From Multiple Indexes Elasticsearch	2	210	June 7, 2022

Search From Multiple Indexes

Related topics