
I have elasticsearch cluster running fine. When I run the below command, I get all the messages:

GET myindex/fluentd/_search?sort=@timestamp:desc

Now the above command gives me all the logs sorted by timestamp in descending order. Below is what the logs look like:

{
    "_index": "myindex",
    "_type": "fluentd",
    "_id": "ZFVk8mMB3x3ftHjXD16B",
    "_score": null,
    "_source": {
      "datatime": "Jun 12 05:06:11",
      "username": "user1",
      "msg": "Running elasticsearch",
      "hostname": "user1",
      "@timestamp": "2018-06-12T05:06:11.000000000+00:00"
    },
    "sort": [
      1528779971000
    ]

},

What command can I run to extract just the msg field of the source from all the logs with respect to time in descending order?

Thanks

2 Answers


Did you try searching this on Google?

An easy search on Google gave me the link to this page, which shows a perfect example of doing this:

GET twitter/_doc/0?_source_include=*.id&_source_exclude=entities

Using _source_include you can get msg from your logs.


1 Comment

If you copy/paste an example from the web, try to at least modify it to fit the data in the OP's question.

You can use the _source query string parameter like this:

GET myindex/fluentd/_search?sort=@timestamp:desc&_source=msg

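As an added example (not code from the question or either answer), the following script builds the `_source`-filtered request the second answer describes and pulls just the msg field out of the hits, newest first. The index and type names come from the question; the host, the `size` parameter and the sample response are constructed assumptions.

```python
"""Fetch only the msg field from an Elasticsearch index, newest first."""
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

ES_HOST = "http://localhost:9200"  # assumed cluster address; adjust as needed


def build_search_url(index: str, doc_type: str, fields=("msg",), size: int = 100) -> str:
    """Return the _search URL with sort, _source and size as query-string parameters.

    _source takes a comma-separated list of field names; sort is field:direction.
    safe="@:," keeps the URL readable, matching the form used in the answer.
    """
    params = {"sort": "@timestamp:desc", "_source": ",".join(fields), "size": size}
    return f"{ES_HOST}/{index}/{doc_type}/_search?{urlencode(params, safe='@:,')}"


def extract_messages(response: dict) -> list:
    """Return [(sort_value_ms, msg)] from a _search response, in the order returned.

    With _source=msg each hit's _source holds only msg, so a document that never
    had a msg field comes back with an empty _source; those are skipped instead
    of raising KeyError.
    """
    out = []
    for hit in response.get("hits", {}).get("hits", []):
        source = hit.get("_source", {})
        if "msg" not in source:
            continue
        # sort[0] is the epoch-millisecond @timestamp the hit was ordered by
        out.append((hit["sort"][0], source["msg"]))
    return out


def fetch_messages(index: str, doc_type: str) -> list:
    """Issue the request against the live cluster and return the messages."""
    req = Request(build_search_url(index, doc_type), headers={"Accept": "application/json"})
    with urlopen(req, timeout=10) as resp:
        return extract_messages(json.load(resp))


# Constructed sample response in the shape shown in the question (not real data)
SAMPLE_RESPONSE = {"hits": {"total": 3, "hits": [
    {"_index": "myindex", "_type": "fluentd", "_id": "a1",
     "_source": {"msg": "Running elasticsearch"}, "sort": [1528779971000]},
    {"_index": "myindex", "_type": "fluentd", "_id": "a2",
     "_source": {"msg": "Starting fluentd"}, "sort": [1528779900000]},
    {"_index": "myindex", "_type": "fluentd", "_id": "a3",
     "_source": {}, "sort": [1528779800000]},  # document that has no msg field
]}}

if __name__ == "__main__":
    for ts, msg in extract_messages(SAMPLE_RESPONSE):
        print(ts, msg)
```

Against a real cluster, call `fetch_messages("myindex", "fluentd")` instead of parsing the constructed sample.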