System Indices

Necus · June 21, 2019, 2:07pm

Hello,
Is there a way to search through all of the fields in system indices?
For example

.monitoring-es-6-YYYY.MM.DD

and fields:
cluster_name
cluster_state.cluster_uuid
etc.

gabriel_tessier · June 25, 2019, 1:32am

Hi,

For example search for text that start with "new" in all fields of all monitoring indices:

GET .monitoring-es-6-/_search?q=new

You can check more about query syntax here:

If you search in a limited fields list maybe better to check about multi_match

Necus · July 4, 2019, 2:00pm

Unfortunatelly it does not work, for some reasone (unknown to me) cluster name and other importart for me fields are in those standard and regular indices unsearchable.
{
"took" : 31,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 0,
"max_score" : null,
"hits" :
}
}

gabriel_tessier · July 4, 2019, 2:04pm

Hi @Necus

Can you provide the search request you run? it may help to understand your problem and find a solution.

system · August 1, 2019, 2:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.