Skip to content

Instantly share code, notes, and snippets.

@joshuar

joshuar/queries.md

Created October 16, 2017 16:58
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save joshuar/becee70d7f8c5968e73c78a51cce52a7 to your computer and use it in GitHub Desktop.
Save joshuar/becee70d7f8c5968e73c78a51cce52a7 to your computer and use it in GitHub Desktop.
Download ZIP
Quick Document Counts in Elasticsearch
Raw
queries.md

Count number of docs indexed in certain interval (e.g., last 15 min)

GET /logstash-<DATE>/_search?filter_path=hits.total
{
  "query": {
    "bool": {
      "filter": [
            {
              "range": {
                "@timestamp": {
                  "gte": "now-15m",
                  "lte": "now"
                }
              }
            }
        
        ]
    }
  },
  "size": 0
}

Get total docs indexed in interval and breakdown of docs per sub-interval (i.e., total docs indexed last 15 min and docs per 5 min interval therein)

GET /logstash-<DATE>/_search?filter_path=hits.total,aggregations.datehisto.buckets
{
  "query": {
    "bool": {
      "filter": [
            {
              "range": {
                "@timestamp": {
                  "gte": "now-15m",
                  "lte": "now"
                }
              }
            }
        
        ]
    }
  },
  "size": 0,
  "aggs": {
    "datehisto": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "5m",
        "min_doc_count": 1,
        "extended_bounds": {
          "min": "now-15m",
          "max": "now"
        }
      }
    }
  }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment