Trying to show all records in given time range using "size:0"


(KMG) #1

I tried searching to find an option for this question, but all say to put the size value in the query to get the output.

Rather than define the size value in the query [by default it returns 10 records], I need to show all the data in the specific time range, since it's dynamic data to be indexed in the database.

Trying to get the last 1 hour's "ALL" data from my index, I tried to set "size:0" in the query. But it doesn't return all the records in the given timestamp. Some posts say to define a size limit like "size:100" to get 100 records.

curl -XGET "http://localhost:9200/demo/_search" -H 'Content-Type: application/json' -d'{"size":0,"query":{"bool":{"must":{"term":{"ip":"10.11.12.13"}}}},"_source":["host","timestamp"]}'

Please let me know, is there any problem with the above query, or is it not possible to get unlimited records?


#2

I could be wrong, but I think you'd have to do that on the application level. Maybe have one request with size set to zero to check the number of hits, then have your code set that number in a secondary request.

I'm relatively new to ES, but I'm not sure why it shouldn't be able to give you all the records in one request though.


(David Pilato) #3

To extract a resultset it's better to use the scroll API.

Elasticsearch cannot give back more than 10000 docs by default, most likely because of memory usage.
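
The scroll approach recommended in this reply, as an added example that is not part of the original thread: it pages through every hit for the thread's `demo` index and `ip` term query, then clears the scroll context. The function names, the `now-1h` range on `timestamp` (assumed to be a date field) and the in-memory fake cluster are assumptions made for illustration.

```python
import json
import urllib.request

ES_URL = "http://localhost:9200"  # host from the curl command in the thread

def http_send(method, path, body):
    """Send one JSON request to Elasticsearch and return the decoded reply."""
    req = urllib.request.Request(ES_URL + path, json.dumps(body).encode(),
                                 {"Content-Type": "application/json"}, method=method)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def last_hour_query(ip):
    """Thread's term query plus a one-hour window (assumes `timestamp` is a date field)."""
    return {"bool": {"must": {"term": {"ip": ip}},
                     "filter": {"range": {"timestamp": {"gte": "now-1h"}}}}}

def scroll_all(index, query, fields, page_size=1000, keep_alive="1m", send=http_send):
    """Yield every matching hit by walking the scroll cursor page by page."""
    body = {"size": page_size, "query": query, "_source": fields, "sort": ["_doc"]}
    page = send("POST", f"/{index}/_search?scroll={keep_alive}", body)
    scroll_id = page["_scroll_id"]
    try:
        while page["hits"]["hits"]:  # an empty page marks the end of the result set
            yield from page["hits"]["hits"]
            page = send("POST", "/_search/scroll",
                        {"scroll": keep_alive, "scroll_id": scroll_id})
            scroll_id = page["_scroll_id"]  # the id can change between pages
    finally:  # release the server-side search context, even on early exit
        send("DELETE", "/_search/scroll", {"scroll_id": scroll_id})

def make_fake_cluster(docs):
    """Constructed in-memory stand-in for Elasticsearch so the example runs offline."""
    state = {"pos": 0, "cleared": False}
    def send(method, path, body):
        if method == "DELETE":
            state["cleared"] = True
            return {"succeeded": True}
        state["size"] = body.get("size", state.get("size"))
        hits = docs[state["pos"]:state["pos"] + state["size"]]
        state["pos"] += len(hits)
        return {"_scroll_id": "constructed-scroll-id", "hits": {"hits": hits}}
    return send, state

if __name__ == "__main__":
    docs = [{"_source": {"host": f"h{i}", "timestamp": i}} for i in range(25)]
    send, state = make_fake_cluster(docs)  # drop send= below to query a real node
    query = last_hour_query("10.11.12.13")
    hits = list(scroll_all("demo", query, ["host", "timestamp"], page_size=10, send=send))
    print(len(hits), "hits; scroll context cleared:", state["cleared"])
```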


(KMG) #4

Thanks. Right now I'm using this way, but I wanted to know of any limit on output records. I got an answer for the record limit from "David Pilato" in the last reply.

