Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding Database Elasticsearch query to return all records

Thread Rating:
  • 397 Vote(s) - 3.53 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Elasticsearch query to return all records

Offline Prohaycart135


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-20-2023, 05:23 AM
I have a small database in Elasticsearch and for testing purposes would like to pull all records back. I am attempting to use a URL of the form...

[To see links please register here]

={'matchAll':{''}}

Can someone give me the URL you would use to accomplish this, please?
Reply

Offline pericycle289


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Sep 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-20-2023, 05:34 AM
use `server:9200/_stats` also to get statistics about all your aliases.. like size and number of elements per alias, that's very useful and provides helpful information
Reply

Offline beray409669


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jun 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-20-2023, 05:54 AM
elasticsearch(ES) supports both a GET or a POST request for getting the data from the ES cluster index.

When we do a GET:

[To see links please register here]

[your index name]/_search?size=[no of records you want]&q=*:*

When we do a POST:

[To see links please register here]

[your_index_name]/_search
{
"size": [your value] //default 10
"from": [your start index] //default 0
"query":
{
"match_all": {}
}
}

I would suggest to use a UI plugin with elasticsearch

[To see links please register here]

This will help you get a better feeling of the indices you create and also test your indices.
Reply

Offline revibrate664112


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jun 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-20-2023, 06:13 AM
Simple! You can use `size` and `from` parameter!

[To see links please register here]

[your index name]/_search?size=1000&from=0

then you change the `from` gradually until you get all of the data.
Reply

Offline Sirfrontingly141


Member
*
Member
Posts: 0
Threads: 0
Joined: Aug 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
07-20-2023, 06:15 AM
I think lucene syntax is supported so:

`http://localhost:9200/foo/_search?pretty=true&q=*:*`

size defaults to 10, so you may also need `&size=BIGNUMBER` to get more than 10 items. (where BIGNUMBER equals a number you believe is bigger than your dataset)

BUT, elasticsearch documentation [suggests][1] for large result sets, using the scan search type.

EG:

curl -XGET 'localhost:9200/foo/_search?search_type=scan&scroll=10m&size=50' -d '
{
"query" : {
"match_all" : {}
}
}'

and then keep requesting as per the documentation link above suggests.

EDIT: `scan` Deprecated in 2.1.0.

`scan` does not provide any benefits over a regular `scroll` request sorted by `_doc`. [link to elastic docs][2] (spotted by @christophe-roussy)

[1]:

[To see links please register here]

[2]:

[To see links please register here]

Reply

Offline gelatination178329


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#6
07-20-2023, 06:33 AM


[To see links please register here]

^


**Note the size param**, which increases the hits displayed from the default (10) to 1000 per shard.

[To see links please register here]

Reply

Offline Drsiana7


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Feb 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#7
07-20-2023, 06:42 AM
The best way to adjust the size is using size=**number** in front of the URL

Curl -XGET "http://localhost:9200/logstash-*/_search?size=50&pretty"

Note: maximum value which can be defined in this size is 10000. For any value above ten thousand it expects you to use scroll function which would minimise any chances of impacts to performance.
Reply

Offline Mrmiriamwvtxxgfhs


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jun 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#8
07-20-2023, 06:50 AM
This is the best solution I found using python client

<!-- language: python -->

# Initialize the scroll
page = es.search(
index = 'yourIndex',
doc_type = 'yourType',
scroll = '2m',
search_type = 'scan',
size = 1000,
body = {
# Your query's body
})
sid = page['_scroll_id']
scroll_size = page['hits']['total']

# Start scrolling
while (scroll_size > 0):
print "Scrolling..."
page = es.scroll(scroll_id = sid, scroll = '2m')
# Update the scroll ID
sid = page['_scroll_id']
# Get the number of results that we returned in the last scroll
scroll_size = len(page['hits']['hits'])
print "scroll size: " + str(scroll_size)
# Do something with the obtained page



Using java client

<!-- language: java -->

import static org.elasticsearch.index.query.QueryBuilders.*;

QueryBuilder qb = termQuery("multi", "test");

SearchResponse scrollResp = client.prepareSearch(test)
.addSort(FieldSortBuilder.DOC_FIELD_NAME, SortOrder.ASC)
.setScroll(new TimeValue(60000))
.setQuery(qb)
.setSize(100).execute().actionGet(); //100 hits per shard will be returned for each scroll
//Scroll until no hits are returned
do {
for (SearchHit hit : scrollResp.getHits().getHits()) {
//Handle the hit...
}

scrollResp = client.prepareSearchScroll(scrollResp.getScrollId()).setScroll(new TimeValue(60000)).execute().actionGet();
} while(scrollResp.getHits().getHits().length != 0); // Zero hits mark the end of the scroll and the while loop.

[To see links please register here]

Reply

Offline fabrienne700


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Dec 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#9
07-20-2023, 07:00 AM
You can use size=0 this will return you all the documents
example

curl -XGET 'localhost:9200/index/type/_search' -d '
{
size:0,
"query" : {
"match_all" : {}
}
}'
Reply

Offline establishment275099


Member
*
Member
Posts: 0
Threads: 0
Joined: Apr 2023
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#10
07-20-2023, 07:25 AM

[To see links please register here]


you will need to specify size query parameter as the default is 10
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through