How To Search And View The Data Of An Elasticsearch Index
Arie Visser • February 18, 2022
elasticsearchWhen working with Elasticsearch, you might want to know what data is actually stored on an index. This article describes some endpoints of the Elasticsearch REST APIs that might help you during development.
Show indices
First, we have to select the index we want to search. All indices can be listed by calling the following endpoint:
I assume you are running Elasticsearch on the default port 9200.
GET 127.0.0.1:9200/_cat/indices
This will show a list of all your indices, on my local machine the output is:
yellow open document __qNUfMUTSy7tptDgOT3RQ 1 1 83 0 255.4kb 255.4kb
yellow open users j7IwD4aZT52ULFioSo4XSg 1 1 1000 0 208.2kb 208.2kb
The two indexes are available, document and users.
Now we know the names of the indices, we can continue by searching one particular index.
List data of an Elasticsearch index
Showing data on an index can be done with the Search APIs.
To show all data that is on the users index, we can make a call to the following endpoint:
GET 127.0.0.1:9200/users/_search?pretty
It will show the output in JSON format (I only list the first 3 hits of the result here):
{
"took" : 3,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1000,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "users",
"_type" : "_doc",
"_id" : "759",
"_score" : 1.0,
"_source" : {
"name" : "Elza Pfannerstill",
"email" : "okuvalis@example.net",
"email_verified_at" : "2020-02-17 15:27:58",
"updated_at" : "2020-02-17 15:28:15",
"created_at" : "2020-02-17 15:28:15",
"id" : 759,
"__class_name" : "App\\User"
}
},
{
"_index" : "users",
"_type" : "_doc",
"_id" : "760",
"_score" : 1.0,
"_source" : {
"name" : "Dr. Candice Franecki",
"email" : "gerard26@example.net",
"email_verified_at" : "2020-02-17 15:27:58",
"updated_at" : "2020-02-17 15:28:15",
"created_at" : "2020-02-17 15:28:15",
"id" : 760,
"__class_name" : "App\\User"
}
},
{
"_index" : "users",
"_type" : "_doc",
"_id" : "761",
"_score" : 1.0,
"_source" : {
"name" : "Miss Elsa McClure I",
"email" : "mustafa99@example.org",
"email_verified_at" : "2020-02-17 15:27:58",
"updated_at" : "2020-02-17 15:28:15",
"created_at" : "2020-02-17 15:28:15",
"id" : 761,
"__class_name" : "App\\User"
}
},
...
]
}
}
The users index just contains a couple of fields, and has 1000 entries, but typically an index will contain huge amounts of data.
As a result, in most cases you would need to paginate and search the data.
Paginate search results
The Search API will only show the first 10 hits by default. However, it is possible to chunk the data with the size and from parameters.
GET 127.0.0.1:9200/users/_search?size=100
The
sizeparameter has a limit of 10,000.
This will show 100 hits. To show the next page with 100 hits, you can call:
GET 127.0.0.1:9200/users/_search?size=100&from=100
Filter search results
The Search API also gives the ability to filter search results by adding the q parameter.
For example, when we only want users with the name "Elza" in the results, we can make the call like this:
GET 127.0.0.1:9200/users/_search?q=Elza
In my dataset, this will only return a single user:
{
"took": 58,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 7.1502776,
"hits": [
{
"_index": "users",
"_type": "_doc",
"_id": "759",
"_score": 7.1502776,
"_source": {
"name": "Elza Pfannerstill",
"email": "okuvalis@example.net",
"email_verified_at": "2020-02-17 15:27:58",
"updated_at": "2020-02-17 15:28:15",
"created_at": "2020-02-17 15:28:15",
"id": 759,
"__class_name": "App\\User"
}
}
]
}
}
Note the score value in the result, this indicates the relevance of the hit, in this case 7.1502776.
You can also apply fuzzy search (based on the Levenshtein Distance), by adding the tilde, "~", symbol at the end of a search term:
GET 127.0.0.1:9200/users/_search?q=Elza~
In my dataset, not only the user with the name "Elza Pfannerstill" is in the results, but also a user with the name "Miss Elsa McClure I":
{
"took": 56,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 7.1502776,
"hits": [
{
"_index": "users",
"_type": "_doc",
"_id": "759",
"_score": 7.1502776,
"_source": {
"name": "Elza Pfannerstill",
"email": "okuvalis@example.net",
"email_verified_at": "2020-02-17 15:27:58",
"updated_at": "2020-02-17 15:28:15",
"created_at": "2020-02-17 15:28:15",
"id": 759,
"__class_name": "App\\User"
}
},
{
"_index": "users",
"_type": "_doc",
"_id": "236",
"_score": 3.9714837,
"_source": {
"name": "Miss Elsa McClure I",
"email": "kovacek.liam@example.org",
"email_verified_at": "2020-02-17 15:27:58",
"updated_at": "2020-02-17 15:28:03",
"created_at": "2020-02-17 15:28:03",
"id": 236,
"__class_name": "App\\User"
}
}
]
}
}
As you can see, the score for "Miss Elsa McClure I" is much lower, because it doesn't contain the exact search term.
I hope this will give you some basic idea of the possibilities with the Elasticsearch REST APIs.