Using the Curl Command

Hello,

In order to validate that my log entries are being parsed correctly, I am running the following command:

curl http://localhost:9200/_search?

Whenever a new entry is added, I see the "Hit" increment as expected. I have the following questions:

  1. I seem to only see the details of 10 entries. Is there a way to modify the configuration in order to see ALL the entries in chronological order?

  2. Is it normal that there is some kind of delay between the time that an entry is entered in Logstash and the time that you can see the entry using the curl command above?

  3. What is the command to delete specific entries?

  4. Is there a reason why I do not see any entries at all?

Thanks for all your assistance

  1. Yes, set the size parameter in the query body. See https://www.elastic.co/guide/en/elasticsearch/reference/1.7/search-request-from-size.html.
  2. Yes, documents are only available for queries after a refresh has taken place. Logstash indexes will (IIRC) be refreshed every five seconds by default.
  3. Use the delete API to delete documents by id and the delete by query API to, well, delete documents based on a query (but note that it's deprecated).
  4. That's impossible to answer with the information you've given us.
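To illustrate answers 1 and 2 in working code, here is an added example (not part of the thread and not Elastic's own client code): it builds a search body sorted oldest-first by `@timestamp`, pages through every document with `from`/`size` instead of stopping at the default 10, and includes a `refresh` call for the case where a freshly indexed entry is not yet visible. It assumes the same `http://localhost:9200` endpoint as the original post and ships with a constructed in-memory stand-in for Elasticsearch so it runs offline.

```python
import json
from urllib.request import Request, urlopen

ES_URL = "http://localhost:9200"  # assumed endpoint, as in the original curl command


def search_body(from_, size):
    """Search body for Elasticsearch 1.x: from/size for paging, oldest entry first."""
    return {"query": {"match_all": {}}, "from": from_, "size": size,
            "sort": [{"@timestamp": {"order": "asc"}}]}


def parse_hits(response):
    """Return (total hit count, list of _source documents) from a _search reply.
    hits.total is an int in 1.x; newer releases wrap it in {"value": ..., "relation": ...}."""
    hits = response["hits"]
    total = hits["total"]
    if isinstance(total, dict):
        total = total["value"]
    return total, [h["_source"] for h in hits["hits"]]


def http_search(body, url=ES_URL + "/_search"):
    """Send the body to a live Elasticsearch and return the parsed JSON reply."""
    req = Request(url, data=json.dumps(body).encode(), method="POST",
                  headers={"Content-Type": "application/json"})
    with urlopen(req) as resp:
        return json.load(resp)


def http_refresh(index="_all"):
    """Force a refresh so documents indexed since the last refresh become searchable."""
    with urlopen(Request(f"{ES_URL}/{index}/_refresh", method="POST")) as resp:
        return json.load(resp)


def fetch_all(send=http_search, page_size=100):
    """Page through every document in chronological order until hits.total is reached."""
    docs, total = [], None
    while total is None or len(docs) < total:
        total, page = parse_hits(send(search_body(len(docs), page_size)))
        if not page:  # index shrank mid-scan (e.g. deletes); stop rather than loop forever
            break
        docs.extend(page)
    return docs


# Constructed sample "index": 23 log entries with increasing timestamps, no server needed.
SAMPLE_DOCS = [{"@timestamp": "2015-08-01T00:00:%02dZ" % i, "message": "line %d" % i}
               for i in range(23)]


def fake_search(body):
    """Stand-in for Elasticsearch: applies sort and from/size to SAMPLE_DOCS, 1.x reply shape."""
    ordered = sorted(SAMPLE_DOCS, key=lambda d: d["@timestamp"],
                     reverse=body["sort"][0]["@timestamp"]["order"] == "desc")
    page = ordered[body["from"]:body["from"] + body["size"]]
    return {"hits": {"total": len(SAMPLE_DOCS), "hits": [{"_source": d} for d in page]}}
```

Against a real instance, call `fetch_all()` (optionally after `http_refresh()`); against the constructed data, `fetch_all(fake_search, page_size=10)` pages three times and returns all 23 entries in order.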