Reputation: 1374
How to search in elasticsearch indexes starting with a string
I am still new with elasticsearch and trying to find the best way how to filter results from a range of indices.
i.e.: Filebeat and logstash use to create index per day. I use to use bot for an different purpose and parallel I am using a posix shell script which is parsing and indexing some files from archive. Hence I have 3 types of indexes:
- archive
- logs
- processing
archive and logs are generated with date in the name:
- archive-2015.12.31
- archive-2016.01.04
- logs-2015.12.31
- logs-2016.01.04
I have tried various of attempts, but no success.
How to build the URI if I want to search only in logs or only in archive?
Many thanks Regards Reddy
Upvotes: 1
Views: 159
Answers (1)
Reputation: 6357
You can use wildcards in the index name. If you want to search all documents in indices whose name start with "logs", the corresponding query is:
POST logs*/_search
{
"query": {
"match_all": {}
}
}
Read this for more information.
Upvotes: 2
Related Questions
- List all indexes on ElasticSearch server?
- Is it possible to configure multiple output for a filebeat?
- elasticsearch bool query combine must with OR
- deleting old indexes in amazon elasticsearch
- filebeat to logstash or elasticsearch
- How to parse date in elasticsearch 5.x and Filebeat
- FIlebeat-Redis-Logstash : Filebeat fast and Logstah slow, logstash threading?
- How to manage input from multiple beats to centralized Logstash
- Collect log files from FTP into Logstash/Elasticsearch