Searching Elasticsearch
October 11, 2016
I wanted to return a list of entries from ElasticSearch, and I wanted to just return ones where the _type field was set to c.
http://host:9200/logstash-2016.10.05/_search?q=_type:c&pretty=true
This URL will filter to just the rows with a _type of c.
{
"took" : 28,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 24622,
"max_score" : 1.0,
"hits" : [ {
"_index" : "logstash-2016.10.05",
"_type" : "c",
"_id" : "BQeSar-uwLSb0DFrQsA0",
"_score" : 1.0,
"_source": {"message":"message1","@version":"1","@timestamp":"2016-10-05T01:17:29.767Z","host":"172.24.130.152","type":"c","start":"false","end":"false","pid":"13251","environment":"ENV1","process":"WriteFileData"}
}, {
"_index" : "logstash-2016.10.05",
"_type" : "c",
"_id" : "BQeSar-uwL6RfvCrQsA4",
"_score" : 1.0,
"_source": {"message":"message2","@version":"1","@timestamp":"2016-10-05T01:17:29.767Z","host":"172.24.130.152","type":"c","start":"false","end":"false","pid":"13251","environment":"ENV1"}
} ]
}
}
By default this will return 10 matches. To return more add &size=10000 to the URL.
