elasticsearchelasticsearch-py
Elasticsearch: scroll between specified time frame
I have some data in elasticsearch. as shown in the image
I used below link example to do the scrolling
https://gist.github.com/drorata/146ce50807d16fd4a6aa
page = es.search(
index = INDEX_NAME,
scroll = '1m',
size = 1000,
body={"query": {"match_all": {}}})
sid = page['_scroll_id']
scroll_size = page['hits']['total']
# Start scrolling
print( "Scrolling...")
while (scroll_size > 0):
print("Page: ",count)
page = es.scroll(scroll_id = sid, scroll = '10m')
# Update the scroll ID
sid = page['_scroll_id']
for hit in page['hits']['hits']:
#some code processing here
Currently my requirement is that i want to scroll but want to specify the start timestamp and end timestamp Need help as to how to do this using scroll.
Solution
example code. time range should be in es query. Also You should process the first query result.
es_query_dict = {"query": {"range": {"timestamp":{
"gte":"2018-08-00T00:00:00Z", "lte":"2018-08-17T00:00:00Z"}}}}
def get_es_logs():
es_client = Elasticsearch([source_es_ip], port=9200, timeout=300)
total_docs = 0
page = es_client.search(scroll=scroll_time,
size=scroll_size,
body=json.dumps(es_query_dict))
while True:
sid = page['_scroll_id']
details = page["hits"]["hits"]
doc_count = len(details)
if len(details) > 0:
total_docs += doc_count
print("scroll size: " + str(doc_count))
print("start bulk index docs")
# index_bulk(details)
print("end success")
else:
break
page = es_client.scroll(scroll_id=sid, scroll=scroll_time)
print("total docs: " + str(total_docs))
- ElasticSearch updates are not immediate, how do you wait for ElasticSearch to finish updating it's index?
- Elasticsearch return document ids while doing aggregate query
- Where Elasticsearch grok patterns are defined?
- Elasticsearch multi term filter
- ElasticSearch QueryBuilder library for Java Spring Boot 3.0.5 is not support
- What is the difference between CONTAINS and WITHIN on Elasticsearch GeoShape queries?
- Grafana - Elasticsearch dashboard variable does not provide any results
- How to log using serilog to elasticsearch with Elastic.Serilog.Sinks in .net application
- What's "EIO: i/o error, write" in node.js and how do I eliminate it?
- Kibana has strict security requirements enabled that your current browser does not meet
- What's the difference between search-as-you-type and context suggester?
- Convenient time string parsing in python
- ElasticSearch in Spring with @Query
- What is the best practice for ensuring idempotency for downloading a binary with Ansible?
- Logstash install error: can't get unique system GID (no more available GIDs)
- Can't configure elastic search with spring boot in docker network
- `index_prefixes` in OpenSearch?
- How to get latest values for each group with an Elasticsearch query?
- What does it mean when an Elasticsearch index has yellow health?
- Is it possible to transfer data from Redshift to Elasticsearch?
- How elastic queries work with contradicting statements
- Can filebeat dissect a log line with spaces?
- How to undo setting Elasticsearch Index to readonly?
- Date range filter not getting excluded from date histogram under global aggregations in elastic query
- "United States" not ["United","States"]
- Get all field names in an index elasticsearch python
- How to really reindex data in elasticsearch
- elasticsearch match_phrase returns same score for fields with exact and not exact match
- inner_hits aggregations in ElasticSearch
- Sorting a reverse nested back to parent aggregation