Reputation: 47
ElasticSearch query specifying an indexname using todays date
I'm using logstash to populate ES with a number of metrics from our live services across a number of machines. Logstash creates a new index each day and i am finding that querying ES without specifying the index, is running slowly. ( i currently maintain 5 days of indicies). If i specify the specific index eg today
.es(index=logstash-2018.01.15, q= examplequery
it runs very quickly Is there a way i can specify todays index using the date field?
eg
.es(index=logstash-'get date', q= examplequery
Upvotes: 1
Views: 943
Answers (2)
Reputation: 830
You can use the query for getting the indices of today's date:
.es(index='<logstash-{now/d}>')
An interesting read with all the options available in elastic search to include date math in index names:
https://www.elastic.co/guide/en/elasticsearch/reference/current/date-math-index-names.html
Upvotes: 2
Reputation: 599
By looking at the syntax I guess you are using Timelion or something that uses query string. There is a good tutorial here that includes specifying index patterns:
https://www.elastic.co/blog/timelion-tutorial-from-zero-to-hero
In your case it will be
.es(index=logstash-*, q= examplequery
or
.es(index=logstash-2018.01.*, q= examplequery
if you need this year january and the index pattern is 'logstash-YYYY.MM.dd'
Upvotes: 0
Related Questions
- Lucene query for Todays date
- Elasticsearch query with date not working
- Elasticsearch query based on timestamp
- Query for searching a specific date in elasticsearch
- elasticsearch index name with date
- Elasticsearch date match in index name doesn't work
- index based on field date in elasticsearch
- Parsing date using Logstash
- Kibana: filter events for today
- Can I configure Logstash to use an index which includes a parameterized date?