Elasticsearch tips and tricks
- Find the max value of a field
- Get latest record from Elasticsearch
- Latest record with ES _timestamp value in results
- Get record count from the last x minutes
Max value
GET http://elasticsearch-server:9200/my_index_name_*/_search?size=0
{
  "aggs": {
    "max_timestamp": {
      "max": { "field": "TimeStamp" }
    }
  }
}

Replace TimeStamp with whatever field you want the max of. size=0 returns only the aggregation and no hits. For a date field the result is epoch milliseconds in "value" with the formatted date in "value_as_string"; "value" is null when the index pattern matches no documents, so check for that before doing arithmetic on it.
Latest record from ES
GET http://elasticsearch-server:9200/my_index_name_*/_search
{
  "query": { "match_all": {} },
  "size": 1,
  "sort": [
    { "_timestamp": { "order": "desc" } }
  ]
}

This relies on the _timestamp meta field, which only exists if it was enabled in the mapping (Elasticsearch 1.x/2.x) and was removed in 5.0. On 5.x and later, sort on the document's own date field instead, e.g. "sort": [ { "TimeStamp": { "order": "desc" } } ].
Latest record with ES _timestamp value in results
GET http://elasticsearch-server:9200/my_index_name_*/_search
{
  "query": { "match_all": {} },
  "script_fields": {
    "timestamp": { "script": "doc['_timestamp'].value" }
  },
  "size": 1,
  "sort": [
    { "_timestamp": { "order": "desc" } }
  ]
}

_timestamp is not part of _source, so a script field is the only way to get it back in the hit. The script reads doc values, and the accessor is doc['...'] (not _doc['...']); the value returned is epoch milliseconds. This needs inline scripting enabled in elasticsearch.yml, which is disabled by default in recent 1.x and all 2.x releases and should stay disabled on any cluster reachable by untrusted clients. On 5.x and later, or to avoid scripting altogether, store your own date field, sort on it, and return it with "_source": ["TimeStamp"].
Get record count from the last x minutes
curl -XGET 'elastic-hostname.tld:9200/indexPattern-*/log/_search?pretty' -H 'Content-Type: application/json' -d'
{
  "query": {
    "range": {
      "keyContainingDateTime": {
        "gte": "now-2m",
        "lt": "now"
      }
    }
  }
}'

now-2m covers the last two minutes; change the number for any other window (now-15m, now-1h). The count is hits.total in the response: an integer up to 6.x, and from 7.0 an object {"value": N, "relation": "eq"} where relation "gte" means the true count is above the 10000 limit unless you set "track_total_hits": true. Add size=0 to skip fetching the matching documents, or use the _count endpoint instead of _search. The /log/ path segment is a mapping type; types were deprecated in 6.x and the typed URL is rejected on 8.x, so drop it there (indexPattern-*/_search).
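A small Python helper, added here as an example and not part of the original page, that builds the max-value, latest-record and last-x-minutes request bodies above for a cluster where _timestamp no longer exists (5.x and later) and reads the answers back correctly on both sides of the 7.0 hits.total change. The field name TimeStamp, the sample responses and the feed_check rule are constructed for illustration, not captured from a cluster; feed_check shows how the max timestamp and the window count are combined into the kind of ingest-stall check a SOC runs against its log indices.

```python
"""Query builders and response parsers for the three timestamp checks.

Added example, not from the original page. Assumes Elasticsearch 5.x-8.x,
where the _timestamp meta field is gone and documents carry their own date
field (here the page's "TimeStamp"; change it to match your mapping).
"""
from datetime import datetime, timezone

TS_FIELD = "TimeStamp"  # assumption: the documents' own date field


def max_value_query(field=TS_FIELD):
    """Max of a field. size 0: we want the aggregation only, no hits."""
    return {"size": 0, "aggs": {"max_ts": {"max": {"field": field}}}}


def latest_record_query(field=TS_FIELD):
    """Newest document by its own date field, no scripting needed.
    _source filtering returns just the date so the hit stays small."""
    return {
        "size": 1,
        "query": {"match_all": {}},
        "sort": [{field: {"order": "desc"}}],
        "_source": [field],
    }


def last_minutes_count_query(minutes, field=TS_FIELD, exact_total=True):
    """Documents in the last N minutes. exact_total adds track_total_hits so
    ES 7+ reports the real count instead of capping at 10000; pass False
    on 6.x, which rejects the unknown key."""
    body = {
        "size": 0,
        "query": {"range": {field: {"gte": f"now-{minutes}m", "lt": "now"}}},
    }
    if exact_total:
        body["track_total_hits"] = True
    return body


def total_hits(resp):
    """hits.total is an int up to 6.x and {"value", "relation"} from 7.0.
    Returns (count, exact); exact is False when relation is "gte"."""
    total = resp["hits"]["total"]
    if isinstance(total, dict):
        return int(total["value"]), total.get("relation", "eq") == "eq"
    return int(total), True


def max_timestamp(resp):
    """Value of the max agg as an aware datetime. A date field comes back
    as epoch milliseconds; it is null when no document matched."""
    agg = resp["aggregations"]["max_ts"]
    if agg.get("value") is None:
        return None
    return datetime.fromtimestamp(agg["value"] / 1000.0, tz=timezone.utc)


def feed_check(count_resp, max_resp, now, min_events=1, max_lag_seconds=300):
    """Hypothetical ingest-health rule: the feed is healthy when the newest
    event is recent enough and the window holds at least min_events.
    Returns (healthy, reason)."""
    latest = max_timestamp(max_resp)
    if latest is None:
        return False, "no documents in index pattern"
    lag = (now - latest).total_seconds()
    if lag > max_lag_seconds:
        return False, f"newest event is {lag:.0f}s old"
    count, exact = total_hits(count_resp)
    if count < min_events:
        return False, f"only {count} events in window"
    return True, f"{'' if exact else '>='}{count} events, lag {lag:.0f}s"


# Constructed sample responses and clock (not captured from a cluster).
ES7_COUNT = {"hits": {"total": {"value": 10000, "relation": "gte"}, "hits": []}}
ES6_COUNT = {"hits": {"total": 42, "hits": []}}
MAX_OK = {"aggregations": {"max_ts": {"value": 1700000000000.0,
                                      "value_as_string": "2023-11-14T22:13:20.000Z"}}}
MAX_EMPTY = {"aggregations": {"max_ts": {"value": None}}}
SAMPLE_NOW = datetime(2023, 11, 14, 22, 18, 20, tzinfo=timezone.utc)  # 5 min after MAX_OK


if __name__ == "__main__":
    import json
    print(json.dumps(last_minutes_count_query(2), indent=2))
    print(feed_check(ES6_COUNT, MAX_OK, SAMPLE_NOW))     # healthy, 300s lag
    print(feed_check(ES7_COUNT, MAX_EMPTY, SAMPLE_NOW))  # nothing indexed
```

Send the bodies with any HTTP client (the page's curl works unchanged); the parsers are what differ per version, so keep them in one place rather than scattering hits["total"] lookups through alert scripts.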