768 lines
22 KiB
Plaintext
768 lines
22 KiB
Plaintext
[[search-search]]
|
|
=== Search API
|
|
++++
|
|
<titleabbrev>Search</titleabbrev>
|
|
++++
|
|
|
|
Returns search hits that match the query defined in the request.
|
|
|
|
[source,console]
|
|
----
|
|
GET /my-index-000001/_search
|
|
----
|
|
// TEST[setup:my_index]
|
|
|
|
[[search-search-api-request]]
|
|
==== {api-request-title}
|
|
|
|
`GET /<target>/_search`
|
|
|
|
`GET /_search`
|
|
|
|
`POST /<target>/_search`
|
|
|
|
`POST /_search`
|
|
|
|
[[search-search-api-desc]]
|
|
==== {api-description-title}
|
|
|
|
Allows you to execute a search query and get back search hits that match the
|
|
query. You can provide search queries using the <<search-api-query-params-q,`q`
|
|
query string parameter>> or <<search-request-body,request body>>.
|
|
|
|
[[search-search-api-path-params]]
|
|
==== {api-path-parms-title}
|
|
|
|
`<target>`::
|
|
(Optional, string)
|
|
Comma-separated list of data streams, indices, and index aliases to search.
|
|
Wildcard (`*`) expressions are supported.
|
|
+
|
|
To search all data streams and indices in a cluster, omit this parameter or use
|
|
`_all` or `*`.
|
|
|
|
[role="child_attributes"]
|
|
[[search-search-api-query-params]]
|
|
==== {api-query-parms-title}
|
|
|
|
IMPORTANT: Several options for this API can be specified using a query parameter
|
|
or a request body parameter. If both parameters are specified, only the query
|
|
parameter is used.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=allow-no-indices]
|
|
+
|
|
Defaults to `true`.
|
|
|
|
[[search-partial-responses]]
|
|
`allow_partial_search_results`::
|
|
(Optional, boolean)
|
|
If `true`, returns partial results if there are request timeouts or
|
|
<<shard-failures,shard failures>>. If `false`, returns an error with
|
|
no partial results. Defaults to `true`.
|
|
+
|
|
To override the default for this field, set the
|
|
`search.default_allow_partial_results` cluster setting to `false`.
|
|
|
|
`batched_reduce_size`::
|
|
(Optional, integer) The number of shard results that should be reduced at once
|
|
on the coordinating node. This value should be used as a protection mechanism
|
|
to reduce the memory overhead per search request if the potential number of
|
|
shards in the request can be large. Defaults to `512`.
|
|
|
|
[[ccs-minimize-roundtrips]]
|
|
`ccs_minimize_roundtrips`::
|
|
(Optional, boolean) If `true`, network round-trips between the
|
|
coordinating node and the remote clusters are minimized when executing
|
|
{ccs} (CCS) requests. See <<ccs-network-delays>>. Defaults to `true`.
|
|
|
|
`docvalue_fields`::
|
|
(Optional, string) A comma-separated list of fields to return as the docvalue
|
|
representation of a field for each hit.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=expand-wildcards]
|
|
+
|
|
Defaults to `open`.
|
|
|
|
`explain`::
|
|
(Optional, boolean) If `true`, returns detailed information about score
|
|
computation as part of a hit. Defaults to `false`.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=from]
|
|
+
|
|
--
|
|
By default, you cannot page through more than 10,000 documents using the `from`
|
|
and `size` parameters. This limit is set using the
|
|
<<index-max-result-window,`index.max_result_window`>> index setting.
|
|
|
|
Deep paging or requesting many results at once can result in slow searches.
|
|
Results are sorted before being returned. Because search requests usually span
|
|
multiple shards, each shard must generate its own sorted results. These separate
|
|
results must then be combined and sorted to ensure that the overall order is
|
|
correct.
|
|
|
|
As an alternative to deep paging, we recommend using
|
|
<<scroll-search-results,scroll>> or the
|
|
<<search-after,`search_after`>> parameter.
|
|
--
|
|
|
|
`ignore_throttled`::
|
|
(Optional, boolean) If `true`, concrete, expanded or aliased indices will be
|
|
ignored when frozen. Defaults to `true`.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=index-ignore-unavailable]
|
|
|
|
`max_concurrent_shard_requests`::
|
|
(Optional, integer) Defines the number of concurrent shard requests per node
|
|
this search executes concurrently. This value should be used to limit the
|
|
impact of the search on the cluster in order to limit the number of concurrent
|
|
shard requests. Defaults to `5`.
|
|
|
|
`pre_filter_shard_size`::
|
|
(Optional, integer) Defines a threshold that enforces a pre-filter roundtrip
|
|
to prefilter search shards based on query rewriting if the number of shards
|
|
the search request expands to exceeds the threshold. This filter roundtrip can
|
|
limit the number of shards significantly if for instance a shard can not match
|
|
any documents based on its rewrite method ie. if date filters are mandatory
|
|
to match but the shard bounds and the query are disjoint.
|
|
When unspecified, the pre-filter phase is executed if any of these conditions is met:
|
|
- The request targets more than `128` shards.
|
|
- The request targets one or more read-only index.
|
|
- The primary sort of the query targets an indexed field.
|
|
|
|
`preference`::
|
|
(Optional, string) Specifies the node or shard the operation should be
|
|
performed on. Random by default.
|
|
|
|
[[search-api-query-params-q]]
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=search-q]
|
|
+
|
|
You can use the `q` parameter to run a query parameter search. Query parameter
|
|
searches do not support the full {es} <<query-dsl,Query DSL>> but are handy for
|
|
testing.
|
|
+
|
|
IMPORTANT: The `q` parameter overrides the <<request-body-search-query,`query`>>
|
|
parameter in the request body. If both parameters are specified, documents
|
|
matching the `query` request body parameter are not returned.
|
|
|
|
`request_cache`::
|
|
(Optional, boolean) If `true`, the caching of search results is enabled for
|
|
requests where `size` is `0`. See <<shard-request-cache>>. Defaults to index
|
|
level settings.
|
|
|
|
`rest_total_hits_as_int`::
|
|
(Optional, boolean) Indicates whether hits.total should be rendered as an
|
|
integer or an object in the rest search response. Defaults to `false`.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=routing]
|
|
|
|
[[search-api-scroll-query-param]]
|
|
`scroll`::
|
|
(Optional, <<time-units,time value>>)
|
|
Period to retain the <<scroll-search-context,search context>> for scrolling. See
|
|
<<scroll-search-results>>.
|
|
+
|
|
By default, this value cannot exceed `1d` (24 hours). You can change
|
|
this limit using the `search.max_keep_alive` cluster-level setting.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=search_type]
|
|
|
|
`seq_no_primary_term`::
|
|
(Optional, boolean) If `true`, returns sequence number and primary term of the
|
|
last modification of each hit. See <<optimistic-concurrency-control>>.
|
|
|
|
`size`::
|
|
(Optional, integer) Defines the number of hits to return. Defaults to `10`.
|
|
+
|
|
--
|
|
By default, you cannot page through more than 10,000 documents using the `from`
|
|
and `size` parameters. This limit is set using the
|
|
<<index-max-result-window,`index.max_result_window`>> index setting.
|
|
|
|
Deep paging or requesting many results at once can result in slow searches.
|
|
Results are sorted before being returned. Because search requests usually span
|
|
multiple shards, each shard must generate its own sorted results. These separate
|
|
results must then be combined and sorted to ensure that the overall order is
|
|
correct.
|
|
|
|
As an alternative to deep paging, we recommend using
|
|
<<scroll-search-results,scroll>> or the
|
|
<<search-after,`search_after`>> parameter.
|
|
|
|
If the <<search-api-scroll-query-param,`scroll` parameter>> is specified, this
|
|
value cannot be `0`.
|
|
--
|
|
|
|
`sort`::
|
|
(Optional, string) A comma-separated list of <field>:<direction> pairs.
|
|
|
|
`_source`::
|
|
(Optional)
|
|
Indicates which <<mapping-source-field,source fields>> are returned for matching
|
|
documents. These fields are returned in the `hits._source` property of
|
|
the search response. Defaults to `true`.
|
|
+
|
|
.Valid values for `_source`
|
|
[%collapsible%open]
|
|
====
|
|
`true`::
|
|
(boolean)
|
|
The entire document source is returned.
|
|
|
|
`false`::
|
|
(boolean)
|
|
The document source is not returned.
|
|
|
|
`<string>`::
|
|
(string)
|
|
Comma-separated list of source fields to return.
|
|
Wildcard (`*`) patterns are supported.
|
|
====
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=source_excludes]
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=source_includes]
|
|
|
|
`stats`::
|
|
(Optional, string) Specific `tag` of the request for logging and statistical
|
|
purposes.
|
|
|
|
`stored_fields`::
|
|
(Optional, string) A comma-separated list of stored fields to return as part
|
|
of a hit. If no fields are specified, no stored fields are included in the
|
|
response.
|
|
+
|
|
If this field is specified, the `_source` parameter defaults to `false`. You can
|
|
pass `_source: true` to return both source fields and
|
|
stored fields in the search response.
|
|
|
|
`suggest_field`::
|
|
(Optional, string) Specifies which field to use for suggestions.
|
|
|
|
`suggest_text`::
|
|
(Optional, string) The source text for which the suggestions should be
|
|
returned.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=terminate_after]
|
|
+
|
|
Defaults to `0`, which does not terminate query execution early.
|
|
|
|
`timeout`::
|
|
(Optional, <<time-units, time units>>) Specifies the period of time to wait
|
|
for a response. If no response is received before the timeout expires, the
|
|
request fails and returns an error. Defaults to no timeout.
|
|
|
|
`track_scores`::
|
|
(Optional, boolean) If `true`, calculate and return document scores, even if
|
|
the scores are not used for sorting. Defaults to `false`.
|
|
|
|
`track_total_hits`::
|
|
(Optional, integer or boolean)
|
|
Number of hits matching the query to count accurately. Defaults to `10000`.
|
|
+
|
|
If `true`, the default value is used. If `false`, the response does not
|
|
include the total number of hits matching the query.
|
|
|
|
`typed_keys`::
|
|
(Optional, boolean) If `true`, aggregation and suggester names are be prefixed
|
|
by their respective types in the response. Defaults to `true`.
|
|
|
|
`version`::
|
|
(Optional, boolean)
|
|
If `true`, returns document version as part of a hit. Defaults to `false`.
|
|
|
|
[role="child_attributes"]
|
|
[[search-search-api-request-body]]
|
|
==== {api-request-body-title}
|
|
|
|
[[search-docvalue-fields-param]]
|
|
`docvalue_fields`::
|
|
(Optional, array of strings and objects)
|
|
Array of wildcard (`*`) patterns. The request returns doc values for field names
|
|
matching these patterns in the `hits.fields` property of the response.
|
|
+
|
|
You can specify items in the array as a string or object.
|
|
See <<docvalue-fields>>.
|
|
+
|
|
.Properties of `docvalue_fields` objects
|
|
[%collapsible]
|
|
====
|
|
`field`::
|
|
(Required, string)
|
|
Wildcard pattern. The request returns doc values for field names matching this
|
|
pattern.
|
|
|
|
`format`::
|
|
(Optional, string)
|
|
Format in which the doc values are returned.
|
|
+
|
|
For <<date,date fields>>, you can specify a date <<mapping-date-format,date
|
|
`format`>>. For <<number,numeric fields>> fields, you can specify a
|
|
https://docs.oracle.com/javase/8/docs/api/java/text/DecimalFormat.html[DecimalFormat
|
|
pattern].
|
|
+
|
|
For other field data types, this parameter is not supported.
|
|
====
|
|
|
|
[[request-body-search-explain]]
|
|
`explain`::
|
|
(Optional, boolean) If `true`, returns detailed information about score
|
|
computation as part of a hit. Defaults to `false`.
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=from]
|
|
+
|
|
--
|
|
By default, you cannot page through more than 10,000 documents using the `from`
|
|
and `size` parameters. This limit is set using the
|
|
<<index-max-result-window,`index.max_result_window`>> index setting.
|
|
|
|
Deep paging or requesting many results at once can result in slow searches.
|
|
Results are sorted before being returned. Because search requests usually span
|
|
multiple shards, each shard must generate its own sorted results. These separate
|
|
results must then be combined and sorted to ensure that the overall order is
|
|
correct.
|
|
|
|
As an alternative to deep paging, we recommend using
|
|
<<scroll-search-results,scroll>> or the
|
|
<<search-after,`search_after`>> parameter.
|
|
--
|
|
|
|
[[search-api-min-score]]
|
|
`min_score`::
|
|
(Optional, float)
|
|
Minimum <<relevance-scores,`_score`>> for matching documents. Documents with a
|
|
lower `_score` are not included in the search results.
|
|
|
|
[[request-body-search-query]]
|
|
`query`::
|
|
(Optional, <<query-dsl,query object>>) Defines the search definition using the
|
|
<<query-dsl,Query DSL>>.
|
|
|
|
[[request-body-search-seq-no-primary-term]]
|
|
`seq_no_primary_term`::
|
|
(Optional, boolean) If `true`, returns sequence number and primary term of the
|
|
last modification of each hit. See <<optimistic-concurrency-control>>.
|
|
|
|
`size`::
|
|
(Optional, integer) The number of hits to return. Defaults to `10`.
|
|
+
|
|
--
|
|
By default, you cannot page through more than 10,000 documents using the `from`
|
|
and `size` parameters. This limit is set using the
|
|
<<index-max-result-window,`index.max_result_window`>> index setting.
|
|
|
|
Deep paging or requesting many results at once can result in slow searches.
|
|
Results are sorted before being returned. Because search requests usually span
|
|
multiple shards, each shard must generate its own sorted results. These separate
|
|
results must then be combined and sorted to ensure that the overall order is
|
|
correct.
|
|
|
|
As an alternative to deep paging, we recommend using
|
|
<<scroll-search-results,scroll>> or the
|
|
<<search-after,`search_after`>> parameter.
|
|
|
|
If the <<search-api-scroll-query-param,`scroll` parameter>> is specified, this
|
|
value cannot be `0`.
|
|
--
|
|
|
|
`_source`::
|
|
(Optional)
|
|
Indicates which <<mapping-source-field,source fields>> are returned for matching
|
|
documents. These fields are returned in the `hits._source` property of
|
|
the search response. Defaults to `true`.
|
|
+
|
|
.Valid values for `_source`
|
|
[%collapsible%open]
|
|
====
|
|
`true`::
|
|
(boolean)
|
|
The entire document source is returned.
|
|
|
|
`false`::
|
|
(boolean)
|
|
The document source is not returned.
|
|
|
|
`<wildcard_pattern>`::
|
|
(string or array of strings)
|
|
Wildcard (`*`) pattern or array of patterns containing source fields to return.
|
|
|
|
`<object>`::
|
|
(object)
|
|
Object containing a list of source fields to include or exclude.
|
|
+
|
|
.Properties for `<object>`
|
|
[%collapsible%open]
|
|
=====
|
|
`excludes`::
|
|
(string or array of strings)
|
|
Wildcard (`*`) pattern or array of patterns containing source fields to exclude
|
|
from the response.
|
|
+
|
|
You can also use this property to exclude fields from the subset specified in
|
|
`includes` property.
|
|
|
|
`includes`::
|
|
(string or array of strings)
|
|
Wildcard (`*`) pattern or array of patterns containing source fields to return.
|
|
+
|
|
If this property is specified, only these source fields are returned. You can
|
|
exclude fields from this subset using the `excludes` property.
|
|
=====
|
|
====
|
|
|
|
include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=terminate_after]
|
|
+
|
|
Defaults to `0`, which does not terminate query execution early.
|
|
|
|
`timeout`::
|
|
(Optional, <<time-units, time units>>) Specifies the period of time to wait
|
|
for a response. If no response is received before the timeout expires, the
|
|
request fails and returns an error. Defaults to no timeout.
|
|
|
|
[[request-body-search-version]]
|
|
`version`::
|
|
(Optional, boolean)
|
|
If `true`, returns document version as part of a hit. Defaults to `false`.
|
|
|
|
|
|
[role="child_attributes"]
|
|
[[search-api-response-body]]
|
|
==== {api-response-body-title}
|
|
|
|
`_scroll_id`::
|
|
(string)
|
|
Identifier for the search and its <<scroll-search-context,search context>>.
|
|
+
|
|
You can use this scroll ID with the <<scroll-api,scroll API>> to retrieve the
|
|
next batch of search results for the request. See
|
|
<<scroll-search-results>>.
|
|
+
|
|
This parameter is only returned if the <<search-api-scroll-query-param,`scroll`
|
|
query parameter>> is specified in the request.
|
|
|
|
`took`::
|
|
+
|
|
--
|
|
(integer)
|
|
Milliseconds it took {es} to execute the request.
|
|
|
|
This value is calculated by measuring the time elapsed
|
|
between receipt of a request on the coordinating node
|
|
and the time at which the coordinating node is ready to send the response.
|
|
|
|
Took time includes:
|
|
|
|
* Communication time between the coordinating node and data nodes
|
|
* Time the request spends in the `search` <<modules-threadpool,thread pool>>,
|
|
queued for execution
|
|
* Actual execution time
|
|
|
|
Took time does *not* include:
|
|
|
|
* Time needed to send the request to {es}
|
|
* Time needed to serialize the JSON response
|
|
* Time needed to send the response to a client
|
|
--
|
|
|
|
`timed_out`::
|
|
(boolean)
|
|
If `true`,
|
|
the request timed out before completion;
|
|
returned results may be partial or empty.
|
|
|
|
`_shards`::
|
|
(object)
|
|
Contains a count of shards used for the request.
|
|
+
|
|
.Properties of `_shards`
|
|
[%collapsible%open]
|
|
====
|
|
`total`::
|
|
(integer)
|
|
Total number of shards that require querying,
|
|
including unallocated shards.
|
|
|
|
`successful`::
|
|
(integer)
|
|
Number of shards that executed the request successfully.
|
|
|
|
`skipped`::
|
|
(integer)
|
|
Number of shards that skipped the request because a lightweight check
|
|
helped realize that no documents could possibly match on this shard. This
|
|
typically happens when a search request includes a range filter and the
|
|
shard only has values that fall outside of that range.
|
|
|
|
`failed`::
|
|
(integer)
|
|
Number of shards that failed to execute the request. Note that shards
|
|
that are not allocated will be considered neither successful nor failed.
|
|
Having `failed+successful` less than `total` is thus an indication that
|
|
some of the shards were not allocated.
|
|
====
|
|
|
|
`hits`::
|
|
(object)
|
|
Contains returned documents and metadata.
|
|
+
|
|
.Properties of `hits`
|
|
[%collapsible%open]
|
|
====
|
|
`total`::
|
|
(object)
|
|
Metadata about the number of returned documents.
|
|
+
|
|
.Properties of `total`
|
|
[%collapsible%open]
|
|
=====
|
|
`value`::
|
|
(integer)
|
|
Total number of returned documents.
|
|
|
|
`relation`::
|
|
(string)
|
|
Indicates whether the number of returned documents in the `value`
|
|
parameter is accurate or a lower bound.
|
|
+
|
|
.Values of `relation`:
|
|
[%collapsible%open]
|
|
======
|
|
`eq`:: Accurate
|
|
`gte`:: Lower bound, including returned documents
|
|
======
|
|
=====
|
|
|
|
`max_score`::
|
|
(float)
|
|
Highest returned <<search-api-response-body-score,document `_score`>>.
|
|
+
|
|
This value is `null` for requests that do not sort by `_score`.
|
|
|
|
[[search-api-response-body-hits]]
|
|
`hits`::
|
|
(array of objects)
|
|
Array of returned document objects.
|
|
+
|
|
.Properties of `hits` objects
|
|
[%collapsible%open]
|
|
=====
|
|
`_index`::
|
|
(string)
|
|
Name of the index containing the returned document.
|
|
|
|
`_type`::
|
|
deprecated:[6.0.0, Mapping types are deprecated and will be removed in 8.0. See <<removal-of-types>>.]
|
|
(string)
|
|
Mapping type of the returned document.
|
|
|
|
`_id`::
|
|
(string)
|
|
Unique identifier for the returned document.
|
|
This ID is only unique within the returned index.
|
|
|
|
[[search-api-response-body-score]]
|
|
`_score`::
|
|
(float)
|
|
Positive 32-bit floating point number used to determine the relevance of the
|
|
returned document.
|
|
|
|
[[search-api-response-body-source]]
|
|
`_source`::
|
|
(object)
|
|
Original JSON body passed for the document at index time.
|
|
+
|
|
You can use the `_source` parameter to exclude this property from the response
|
|
or specify which source fields to return.
|
|
|
|
`fields`::
|
|
+
|
|
--
|
|
(object)
|
|
Contains field values for the documents. These fields must be specified in the
|
|
request using one or more of the following request parameters:
|
|
|
|
* <<search-docvalue-fields-param,`docvalue_fields`>>
|
|
* <<script-fields,`script_fields`>>
|
|
* <<stored-fields,`stored_fields`>>
|
|
|
|
This property is returned only if one or more of these parameters are set.
|
|
--
|
|
+
|
|
.Properties of `fields`
|
|
[%collapsible%open]
|
|
======
|
|
`<field>`::
|
|
(array)
|
|
Key is the field name. Value is the value for the field.
|
|
======
|
|
=====
|
|
====
|
|
|
|
[[search-search-api-example]]
|
|
==== {api-examples-title}
|
|
|
|
[[search-api-specific-ex]]
|
|
===== Search a single data stream or index using the `q` query parameter
|
|
|
|
[source,console]
|
|
----
|
|
GET /my-index-000001/_search?q=user.id:kimchy
|
|
----
|
|
// TEST[setup:my_index]
|
|
|
|
The API returns the following response:
|
|
|
|
[source,console-result]
|
|
----
|
|
{
|
|
"took": 5,
|
|
"timed_out": false,
|
|
"_shards": {
|
|
"total": 1,
|
|
"successful": 1,
|
|
"skipped": 0,
|
|
"failed": 0
|
|
},
|
|
"hits": {
|
|
"total": {
|
|
"value": 1,
|
|
"relation": "eq"
|
|
},
|
|
"max_score": 1.3862942,
|
|
"hits": [
|
|
{
|
|
"_index": "my-index-000001",
|
|
"_type" : "_doc",
|
|
"_id": "0",
|
|
"_score": 1.3862942,
|
|
"_source": {
|
|
"@timestamp": "2099-11-15T14:12:12",
|
|
"http": {
|
|
"request": {
|
|
"method": "get"
|
|
},
|
|
"response": {
|
|
"status_code": 200,
|
|
"bytes": 1070000
|
|
},
|
|
"version": "1.1"
|
|
},
|
|
"source": {
|
|
"ip": "127.0.0.1"
|
|
},
|
|
"message": "GET /search HTTP/1.1 200 1070000",
|
|
"user": {
|
|
"id": "kimchy"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
----
|
|
// TESTRESPONSE[s/"took": 5/"took": $body.took/]
|
|
|
|
[[search-multi-index]]
|
|
===== Search several data streams and indices using the `q` query parameter
|
|
|
|
[source,console]
|
|
----
|
|
GET /my-index-000001,my-index-000002/_search?q=user.id:kimchy
|
|
----
|
|
// TEST[setup:my_index]
|
|
// TEST[s/^/PUT my-index-000002\n/]
|
|
|
|
[[search-api-all-ex]]
|
|
===== Search a cluster using the `q` query parameter
|
|
|
|
To search all data streams and indices in a cluster,
|
|
omit the `<target>` parameter.
|
|
|
|
[source,console]
|
|
----
|
|
GET /_search?q=user.id:kimchy
|
|
----
|
|
// TEST[setup:my_index]
|
|
|
|
Alternatively,
|
|
you can use the `_all` or `*` value in the `<target>` parameter.
|
|
|
|
[source,console]
|
|
----
|
|
GET /_all/_search?q=user.id:kimchy
|
|
----
|
|
// TEST[setup:my_index]
|
|
|
|
[source,console]
|
|
----
|
|
GET /*/_search?q=user.id:kimchy
|
|
----
|
|
// TEST[setup:my_index]
|
|
|
|
[[search-request-body-api-example]]
|
|
===== Search using the `query` request body parameter
|
|
|
|
[source,console]
|
|
----
|
|
GET /my-index-000001/_search
|
|
{
|
|
"query": {
|
|
"term": {
|
|
"user.id": "kimchy"
|
|
}
|
|
}
|
|
}
|
|
----
|
|
// TEST[setup:my_index]
|
|
|
|
The API returns the following response:
|
|
|
|
[source,console-result]
|
|
----
|
|
{
|
|
"took": 5,
|
|
"timed_out": false,
|
|
"_shards": {
|
|
"total": 1,
|
|
"successful": 1,
|
|
"skipped": 0,
|
|
"failed": 0
|
|
},
|
|
"hits": {
|
|
"total": {
|
|
"value": 1,
|
|
"relation": "eq"
|
|
},
|
|
"max_score": 1.3862942,
|
|
"hits": [
|
|
{
|
|
"_index": "my-index-000001",
|
|
"_type" : "_doc",
|
|
"_id": "0",
|
|
"_score": 1.3862942,
|
|
"_source": {
|
|
"@timestamp": "2099-11-15T14:12:12",
|
|
"http": {
|
|
"request": {
|
|
"method": "get"
|
|
},
|
|
"response": {
|
|
"status_code": 200,
|
|
"bytes": 1070000
|
|
},
|
|
"version": "1.1"
|
|
},
|
|
"source": {
|
|
"ip": "127.0.0.1"
|
|
},
|
|
"message": "GET /search HTTP/1.1 200 1070000",
|
|
"user": {
|
|
"id": "kimchy"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
----
|
|
// TESTRESPONSE[s/"took": 5/"took": $body.took/]
|