S Andrew
Reputation: 7238
How to query for a particular field of source in elasticsearch
I have elasticsearch cluster running fine. When I run the below command, I get all the messages:
GET myindex/fluentd/_search?sort=@timestamp:desc
Now the above command gives me all the logs with respect to the timestamp in descending order. Below is the logs looks like:
{
"_index": "myindex",
"_type": "fluentd",
"_id": "ZFVk8mMB3x3ftHjXD16B",
"_score": null,
"_source": {
"datatime": "Jun 12 05:06:11",
"username": "user1",
"msg": "Running elasticsearch",
"hostname": "user1",
"@timestamp": "2018-06-12T05:06:11.000000000+00:00"
},
"sort": [
1528779971000
]
},
What command can I run to extract just the msg field of the source from all the logs with respect to time in descending order?
Thanks
Upvotes: 0
Views: 66
Answers (2)
Aircraft
Reputation: 295
Did you tried searching this on google.?
An easy search on google gave me the link to this page which shows perfect example of doing this:
GET twitter/_doc/0?_source_include=*.id&_source_exclude=entities
Using _source_include you can get msg from your logs.
Upvotes: 2
Val
Reputation: 217344
You can use the _source query string parameter like this:
GET myindex/fluentd/_search?sort=@timestamp:desc&_source=msg
Upvotes: 1
Related Questions
- How to write Elasticsearch query to match specific field?
- elasticsearch - only return specific fields without _source?
- How to query all content from a field in Elasticssearch
- How can I search the specific value in the _source from elasticSearch inquired result?
- searching for field in elasticsearch
- Querying elastic search based on _source fields searching
- ElasticSearch search by _source fields
- elasticsearch query from different field
- How to find all documents with specific field in Elasticsearch?
- Searching for Records in ElasticSearch based on keys in the "_source" field