Get all rollover indexes in ES
0
I have elastic search rollover indexes like as shown below
/logs-dev-myapp-000001
/logs-dev-myapp-000002
/logs-dev-myapp-000003
/logs-dev-myapp-000004
/logs-dev-myapp-000005
:
:
/logs-dev-myapp-000030
Can anyone please tell me how to find all the rollover indexes from a ES GET query. Also is there any way in which we can find the oldest and newest index rollover indexes in Elastic Search
I am using ElasticSearch-6.4 Version
elasticsearch rollover elasticsearch-6
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
add a comment |
0
I have elastic search rollover indexes like as shown below
/logs-dev-myapp-000001
/logs-dev-myapp-000002
/logs-dev-myapp-000003
/logs-dev-myapp-000004
/logs-dev-myapp-000005
:
:
/logs-dev-myapp-000030
Can anyone please tell me how to find all the rollover indexes from a ES GET query. Also is there any way in which we can find the oldest and newest index rollover indexes in Elastic Search
I am using ElasticSearch-6.4 Version
elasticsearch rollover elasticsearch-6
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
add a comment |
0
0
0
I have elastic search rollover indexes like as shown below
/logs-dev-myapp-000001
/logs-dev-myapp-000002
/logs-dev-myapp-000003
/logs-dev-myapp-000004
/logs-dev-myapp-000005
:
:
/logs-dev-myapp-000030
Can anyone please tell me how to find all the rollover indexes from a ES GET query. Also is there any way in which we can find the oldest and newest index rollover indexes in Elastic Search
I am using ElasticSearch-6.4 Version
elasticsearch rollover elasticsearch-6
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
I have elastic search rollover indexes like as shown below
/logs-dev-myapp-000001
/logs-dev-myapp-000002
/logs-dev-myapp-000003
/logs-dev-myapp-000004
/logs-dev-myapp-000005
:
:
/logs-dev-myapp-000030
Can anyone please tell me how to find all the rollover indexes from a ES GET query. Also is there any way in which we can find the oldest and newest index rollover indexes in Elastic Search
I am using ElasticSearch-6.4 Version
elasticsearch rollover elasticsearch-6
elasticsearch rollover elasticsearch-6
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
edited Nov 14 '18 at 16:47
Alex Man
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
asked Nov 13 '18 at 17:40
Alex ManAlex Man
1,2871147106
1,2871147106
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
1
List of Indexes
To know the list of indexes using its prefix, you can make use of below URL
http://<your_host_name>:<your_port_num>/_cat/indices/logs-dev-myapp-*?v&s=i
or use below GET query
GET /_cat/indices/logs-dev-myapp-*?v&s=i
Highest and Lowest (based on document counts)
Now for the highest and lowest, I suppose when you mean it you are asking with respect to documents count, you can make use of the below aggregation query.
Note that the below query would also display list of indexes.
POST logs-dev-myapp-*/_search
{
"size":0,
"aggs":{
"indices":{
"terms":{
"field":"_index",
"size":100
}
},
"max":{
"max_bucket":{
"buckets_path":"indices._count"
}
},
"min":{
"min_bucket":{
"buckets_path":"indices._count"
}
}
},
"sort":[
{
"_index":{
"order":"asc"
}
}
],
"script_fields":{
"index_name":{
"script":{
"lang":"painless",
"source":"doc['_index']"
}
}
}
}
Useful Links
Refer to this LINK for more info in the field _index.
And I've made use of Max Bucket and Min Bucket pipeline aggregations with Terms Aggregation
Let me know if it helps!
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given"size":0, use of thatscript_fields, reason forsize":100inindices, also how the min and max is calculated whether it is from size of the indexes etc
– Alex Man
Nov 14 '18 at 5:45
"size": 0so that you only see aggregation results. Or else it would also show you the documents for that indexes too."size": 100so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not fromsizebut fromdocument count. Seeing that its log data and same format of documents would be in all indexes, consideringdocument countsshould suffice.
– Kamal
Nov 14 '18 at 8:17
thanks for the info. what aboutscript_fields?
– Alex Man
Nov 14 '18 at 10:06
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
script_fieldswould come in place if you change the"size":0to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change thesizeto1, try once withscript fieldsand again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.
– Kamal
Nov 14 '18 at 10:26
|
show 1 more comment
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53286695%2fget-all-rollover-indexes-in-es%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1
List of Indexes
To know the list of indexes using its prefix, you can make use of below URL
http://<your_host_name>:<your_port_num>/_cat/indices/logs-dev-myapp-*?v&s=i
or use below GET query
GET /_cat/indices/logs-dev-myapp-*?v&s=i
Highest and Lowest (based on document counts)
Now for the highest and lowest, I suppose when you mean it you are asking with respect to documents count, you can make use of the below aggregation query.
Note that the below query would also display list of indexes.
POST logs-dev-myapp-*/_search
{
"size":0,
"aggs":{
"indices":{
"terms":{
"field":"_index",
"size":100
}
},
"max":{
"max_bucket":{
"buckets_path":"indices._count"
}
},
"min":{
"min_bucket":{
"buckets_path":"indices._count"
}
}
},
"sort":[
{
"_index":{
"order":"asc"
}
}
],
"script_fields":{
"index_name":{
"script":{
"lang":"painless",
"source":"doc['_index']"
}
}
}
}
Useful Links
Refer to this LINK for more info in the field _index.
And I've made use of Max Bucket and Min Bucket pipeline aggregations with Terms Aggregation
Let me know if it helps!
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given"size":0, use of thatscript_fields, reason forsize":100inindices, also how the min and max is calculated whether it is from size of the indexes etc
– Alex Man
Nov 14 '18 at 5:45
"size": 0so that you only see aggregation results. Or else it would also show you the documents for that indexes too."size": 100so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not fromsizebut fromdocument count. Seeing that its log data and same format of documents would be in all indexes, consideringdocument countsshould suffice.
– Kamal
Nov 14 '18 at 8:17
thanks for the info. what aboutscript_fields?
– Alex Man
Nov 14 '18 at 10:06
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
script_fieldswould come in place if you change the"size":0to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change thesizeto1, try once withscript fieldsand again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.
– Kamal
Nov 14 '18 at 10:26
|
show 1 more comment
1
List of Indexes
To know the list of indexes using its prefix, you can make use of below URL
http://<your_host_name>:<your_port_num>/_cat/indices/logs-dev-myapp-*?v&s=i
or use below GET query
GET /_cat/indices/logs-dev-myapp-*?v&s=i
Highest and Lowest (based on document counts)
Now for the highest and lowest, I suppose when you mean it you are asking with respect to documents count, you can make use of the below aggregation query.
Note that the below query would also display list of indexes.
POST logs-dev-myapp-*/_search
{
"size":0,
"aggs":{
"indices":{
"terms":{
"field":"_index",
"size":100
}
},
"max":{
"max_bucket":{
"buckets_path":"indices._count"
}
},
"min":{
"min_bucket":{
"buckets_path":"indices._count"
}
}
},
"sort":[
{
"_index":{
"order":"asc"
}
}
],
"script_fields":{
"index_name":{
"script":{
"lang":"painless",
"source":"doc['_index']"
}
}
}
}
Useful Links
Refer to this LINK for more info in the field _index.
And I've made use of Max Bucket and Min Bucket pipeline aggregations with Terms Aggregation
Let me know if it helps!
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given"size":0, use of thatscript_fields, reason forsize":100inindices, also how the min and max is calculated whether it is from size of the indexes etc
– Alex Man
Nov 14 '18 at 5:45
"size": 0so that you only see aggregation results. Or else it would also show you the documents for that indexes too."size": 100so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not fromsizebut fromdocument count. Seeing that its log data and same format of documents would be in all indexes, consideringdocument countsshould suffice.
– Kamal
Nov 14 '18 at 8:17
thanks for the info. what aboutscript_fields?
– Alex Man
Nov 14 '18 at 10:06
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
script_fieldswould come in place if you change the"size":0to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change thesizeto1, try once withscript fieldsand again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.
– Kamal
Nov 14 '18 at 10:26
|
show 1 more comment
1
1
1
List of Indexes
To know the list of indexes using its prefix, you can make use of below URL
http://<your_host_name>:<your_port_num>/_cat/indices/logs-dev-myapp-*?v&s=i
or use below GET query
GET /_cat/indices/logs-dev-myapp-*?v&s=i
Highest and Lowest (based on document counts)
Now for the highest and lowest, I suppose when you mean it you are asking with respect to documents count, you can make use of the below aggregation query.
Note that the below query would also display list of indexes.
POST logs-dev-myapp-*/_search
{
"size":0,
"aggs":{
"indices":{
"terms":{
"field":"_index",
"size":100
}
},
"max":{
"max_bucket":{
"buckets_path":"indices._count"
}
},
"min":{
"min_bucket":{
"buckets_path":"indices._count"
}
}
},
"sort":[
{
"_index":{
"order":"asc"
}
}
],
"script_fields":{
"index_name":{
"script":{
"lang":"painless",
"source":"doc['_index']"
}
}
}
}
Useful Links
Refer to this LINK for more info in the field _index.
And I've made use of Max Bucket and Min Bucket pipeline aggregations with Terms Aggregation
Let me know if it helps!
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
List of Indexes
To know the list of indexes using its prefix, you can make use of below URL
http://<your_host_name>:<your_port_num>/_cat/indices/logs-dev-myapp-*?v&s=i
or use below GET query
GET /_cat/indices/logs-dev-myapp-*?v&s=i
Highest and Lowest (based on document counts)
Now for the highest and lowest, I suppose when you mean it you are asking with respect to documents count, you can make use of the below aggregation query.
Note that the below query would also display list of indexes.
POST logs-dev-myapp-*/_search
{
"size":0,
"aggs":{
"indices":{
"terms":{
"field":"_index",
"size":100
}
},
"max":{
"max_bucket":{
"buckets_path":"indices._count"
}
},
"min":{
"min_bucket":{
"buckets_path":"indices._count"
}
}
},
"sort":[
{
"_index":{
"order":"asc"
}
}
],
"script_fields":{
"index_name":{
"script":{
"lang":"painless",
"source":"doc['_index']"
}
}
}
}
Useful Links
Refer to this LINK for more info in the field _index.
And I've made use of Max Bucket and Min Bucket pipeline aggregations with Terms Aggregation
Let me know if it helps!
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
answered Nov 13 '18 at 19:30
KamalKamal
1,6531920
1,6531920
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given"size":0, use of thatscript_fields, reason forsize":100inindices, also how the min and max is calculated whether it is from size of the indexes etc
– Alex Man
Nov 14 '18 at 5:45
"size": 0so that you only see aggregation results. Or else it would also show you the documents for that indexes too."size": 100so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not fromsizebut fromdocument count. Seeing that its log data and same format of documents would be in all indexes, consideringdocument countsshould suffice.
– Kamal
Nov 14 '18 at 8:17
thanks for the info. what aboutscript_fields?
– Alex Man
Nov 14 '18 at 10:06
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
script_fieldswould come in place if you change the"size":0to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change thesizeto1, try once withscript fieldsand again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.
– Kamal
Nov 14 '18 at 10:26
|
show 1 more comment
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given"size":0, use of thatscript_fields, reason forsize":100inindices, also how the min and max is calculated whether it is from size of the indexes etc
– Alex Man
Nov 14 '18 at 5:45
"size": 0so that you only see aggregation results. Or else it would also show you the documents for that indexes too."size": 100so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not fromsizebut fromdocument count. Seeing that its log data and same format of documents would be in all indexes, consideringdocument countsshould suffice.
– Kamal
Nov 14 '18 at 8:17
thanks for the info. what aboutscript_fields?
– Alex Man
Nov 14 '18 at 10:06
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
script_fieldswould come in place if you change the"size":0to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change thesizeto1, try once withscript fieldsand again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.
– Kamal
Nov 14 '18 at 10:26
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given
"size":0, use of that script_fields, reason for size":100 in indices, also how the min and max is calculated whether it is from size of the indexes etc– Alex Man
Nov 14 '18 at 5:45
Thanks for the reply, I'm a newbie in ElasticSearch. If possible can you please explain me few things like why it is given
"size":0, use of that script_fields, reason for size":100 in indices, also how the min and max is calculated whether it is from size of the indexes etc– Alex Man
Nov 14 '18 at 5:45
"size": 0 so that you only see aggregation results. Or else it would also show you the documents for that indexes too. "size": 100 so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not from size but from document count. Seeing that its log data and same format of documents would be in all indexes, considering document counts should suffice.– Kamal
Nov 14 '18 at 8:17
"size": 0 so that you only see aggregation results. Or else it would also show you the documents for that indexes too. "size": 100 so that your aggregation result displays all the indexes(seeing that you have 30 as mentioned in the query). Min/Max is calculated not from size but from document count. Seeing that its log data and same format of documents would be in all indexes, considering document counts should suffice.– Kamal
Nov 14 '18 at 8:17
thanks for the info. what about
script_fields?– Alex Man
Nov 14 '18 at 10:06
thanks for the info. what about
script_fields?– Alex Man
Nov 14 '18 at 10:06
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
Also correcting my question regarding highest and the lowest rollover indexes. Actually what I mean by lowest is the oldest index and highest is the latest index
– Alex Man
Nov 14 '18 at 10:20
script_fields would come in place if you change the "size":0 to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change the size to 1, try once with script fields and again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.– Kamal
Nov 14 '18 at 10:26
script_fields would come in place if you change the "size":0 to something else. In that case your query result (not aggregration result) would only show the index name instead of returning entire document with all the fields. It is meant to return specific fields in the search query response (not aggregation part). You can change the size to 1, try once with script fields and again by removing script fields, you'll be able to see the difference. You can remove it for your use case. Sorry I've mentioned it unnecessarily.– Kamal
Nov 14 '18 at 10:26
|
show 1 more comment
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53286695%2fget-all-rollover-indexes-in-es%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
