[Universal Profiling] Indexes are empty

Jakub_Zilinek · March 20, 2024, 1:22pm

Hello,
I am currently exploring the functionality of Elastic Universal Profiling and have encountered an issue while attempting to query the data stored within Elastic. Specifically, when using the following query:

orchestrator.resource.name: "foo" and process.thread.name: "java" and container.name: "bar"

The returned documents appear to be empty, as illustrated below:

{
  "_index": ".ds-profiling-events-all-2024.03.20-000007",
  "_id": "8_nvW44B2KTuzYmIYK76",
  "_version": 1,
  "_score": 0
}

What is wrong with it, how can i query the data ?

Thanks

danielmitterdorfer · April 10, 2024, 8:21am

Hi,

The fact that you're seeing hits, means that at least some documents match your query. You're not seeing any data because we have disabled _source to save storage space. You can however, specify docvalue_fields to retrieve properties from the matching docs. Here's an example:

GET /profiling-events-all/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "2024-04-10 00:00:00",
              "lt": "2024-04-10 23:00:00",
              "format": "yyyy-MM-dd HH:mm:ss"
            }
          }
        }
      ]
    }
  },
  "size": 3,
  "docvalue_fields": [
    "*.*"
  ]
}

I understand that you want to perform this query for debug purposes but please note that the profiling-* datastreams and indices are not meant for direct consumption usually. For regular use you should therefore rely on the Kibana UI.

Cheers,
Daniel

system · May 8, 2024, 8:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.