Hello,
I am currently exploring the functionality of Elastic Universal Profiling and have encountered an issue while attempting to query the data stored within Elastic. Specifically, when using the following query:
orchestrator.resource.name: "foo" and process.thread.name: "java" and container.name: "bar"
The returned documents appear to be empty, as illustrated below:
{
"_index": ".ds-profiling-events-all-2024.03.20-000007",
"_id": "8_nvW44B2KTuzYmIYK76",
"_version": 1,
"_score": 0
}
What is wrong with it, how can i query the data ?
Thanks 
Hi,
The fact that you're seeing hits, means that at least some documents match your query. You're not seeing any data because we have disabled _source to save storage space. You can however, specify docvalue_fields to retrieve properties from the matching docs. Here's an example:
GET /profiling-events-all/_search
{
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "2024-04-10 00:00:00",
"lt": "2024-04-10 23:00:00",
"format": "yyyy-MM-dd HH:mm:ss"
}
}
}
]
}
},
"size": 3,
"docvalue_fields": [
"*.*"
]
}
I understand that you want to perform this query for debug purposes but please note that the profiling-* datastreams and indices are not meant for direct consumption usually. For regular use you should therefore rely on the Kibana UI.
Cheers,
Daniel