58,354 questions
0
votes
2
answers
52
views
We do not use Scroll Query or PIT, What caused our ElasticSearch Cluster big OpenContexts Spike
We experienced OpenContexts spikes in our ElasticSearch 6.8 environment. Since we’re not using Scroll Queries or Point in Time (PIT), I’d like to understand:
What could be causing these OpenContexts ...
0
votes
0
answers
14
views
How to validate a raw Elasticsearch DSL query string with Elastic.Clients.Elasticsearch v8?
I am using the Elastic.Clients.Elasticsearch v8.19.11 client to connect to Elasticsearch. I want to validate a DSL query provided as a raw JSON string.
I'm not looking for simple JSON validation. ...
0
votes
1
answer
52
views
Elasticsearch range query on date field with epoch milliseconds returns 0 hits
I'm trying to query documents in Elasticsearch by a date field stored as epoch milliseconds. The mapping for my index looks like this:
"createdAt": {
"type": "date",
...
1
vote
0
answers
47
views
Logs not showing in Kibana
I'm unable to see the logs in Kibana. I have installed Filebeat on Kali and Elasticsearch, Logstash and Kibana on Ubuntu. I want that Filebeat should pass logs to Logstash, then Logstash should pass to ...
0
votes
1
answer
46
views
ElasticSearch stopped logging
I have an ELK database with the ElasticSearch logstash and Kibana each set up on a different docker container on the same host.
The problem I am having is that the ElasticSearch server stopped logging ...
0
votes
1
answer
64
views
Elasticsearch bucket_path keep getting Validation Failed: 1: No aggregation found for path
POST huawei-monitor-logs-*/_search
{
"size": 0,
"query": {
"term": {
"event.original": "down"
}
},
"aggs": {
"...
1
vote
1
answer
225
views
Migrate Elasticsearch Builder classes to latest Java API 9.x
I have this elasticsearch Java code to connect and get data:
Gradle dependencies:
implementation 'org.elasticsearch:elasticsearch:5.6.16'
implementation 'org.elasticsearch.client:transport:5.6....
0
votes
0
answers
33
views
Logstash ILM Policy Causes 400 Error: Object Mapping for Field Tried to Parse as Object
I'm running an ELK stack in Docker Compose with Logstash sending logs to Elasticsearch using an ILM policy created by a separate initialization service.
Setup:
Elasticsearch with ILM policy Pong-logs-...
0
votes
0
answers
59
views
Elastic Logging - How to Trace a Request Across Multiple Remote Clusters (v8.10.2)
We have a cross-cluster setup with the following components:
2 coordinator clusters
Multiple remote (data) clusters
We’ve enabled slow logs on the remote clusters to capture details such as:
Search ...
0
votes
1
answer
43
views
Spring data elasticsearch how to print the elasticsearch JSON representation of the query
Using SpringBoot data elasticsearch
Need to print the Elasticsearch JSON representation of the query
Creating a org.springframework.data.elasticsearch.core.query.CriteriaQuery that is passed to
org....
0
votes
0
answers
43
views
Searchkick hanging on postgres schema calls during BulkReindexJob
We are running a large model reindex asynchronously with a Model.reindex(mode: :async) call.
When we do this, we will see a rise in the database calls to the following call to Postgres Schema ...
0
votes
0
answers
44
views
Connect APM server to elasticsearch
I am trying to send telemetry data from ASP.NET app to elastic search. (logs, metrics, traces).
I tried to log data without APM. Logs are sent to elastic without APM, but trace does not work. To ...
0
votes
0
answers
42
views
How can I reference a second column (not the metric value) to control font color in a Kibana Canvas metric?
I'm working in Kibana Canvas using ESSQL, and I have a query that returns a single row with two columns like this:
sum_of_orders
color_index
645
3
I want to display sum_of_orders in a metric element, ...
0
votes
1
answer
82
views
What is the farthest geopoint from the centroid of a bucket
In my Elastic index my-index I have documents with geopoints.
The idea is to group locations hourly and get a geo centroid for each hour with a radius so I can plot on Leaflet (or similar map api) ...
0
votes
1
answer
44
views
How to run logstash pipelines in Elastic Kubernetes?
We are running Elastic on Kubernetes, with Logstash running as a kind service. We're trying to integrate OutSystems logs as suggested in
https://github.com/OutSystems/outsystems-elastic-integration/...
0
votes
1
answer
83
views
OpenSearch get top n results by keyword field (OpenSearch 3.1)
I have a few OpenSearch indices (running OpenSearch 3.1 on AWS) and each index has a type_slug field that tells the application what kind of object it is. I would like to get the top 5 results for ...
0
votes
0
answers
52
views
Pino transport: apply ECS format only to Elasticsearch target
I have this Pino transport with two targets:
const transport = pino.transport({
targets: [
{ target: 'pino-elasticsearch', options: { /* ... */ } },
{ target: 'pino-pretty', options: { /* ......
1
vote
1
answer
35
views
ElasticsearchRepository result is greater than 10000 Documents
I have a SpringBoot application in which I query an Elasticsearch cluster using an Elasticsearch repository. This is working fine at first.
I have the following method in my repository, among others:
...
1
vote
1
answer
43
views
Migrating NEST to Elastic.Clients.Elasticsearch no mapping found
I have some code connecting to elastic that I'm moving and I thought it would be a good time to migrate from NEST 7.17.4 to Elastic.Client.Elasticsearch 8.19.5 since NEST isn't supported anymore and ...
0
votes
0
answers
31
views
Elasticsearch one-way Chinese synonyms with Smartcn tokenizer causing unexpected token overlap
Questions:
Is there a way to prevent this token overlap when using one-way synonyms with Chinese text in Elasticsearch?
Are there recommended approaches for handling one-way Chinese synonyms more ...
0
votes
0
answers
48
views
Spring Data Elasticsearch all shards failed exception
I faced a problem connected with Elasticsearch while implementing full text search. When I try to find documents in index I face this problem
2025-08-27T09:15:59.544+03:00 ERROR 19622 --- [Muse] [nio-...
0
votes
0
answers
30
views
Logstash data_stream_namespace does not work with dynamic field substitution [duplicate]
I have an ELK setup where Logstash collects logs.
In my logs I have a field like this:
{
"remote.organization.name": "navid"
}
The value of remote.organization.name can be ...
0
votes
2
answers
34
views
Version Conflict Issue while deleting doc from Elastic
In Elastic version 7.17.29, sometimes I can see the doc on hitting the GET query, and sometimes I can not:
GET <index_name>/_search
{
"query": {
"match": {
...
0
votes
0
answers
209
views
Queries to Elasticsearch using Python API return different results than Kibana
I've built a set of data pipes for moving data out of Elastic into RDS, using the Python Elasticsearch library to pass a SQL query to Elasticsearch. I'm trying to add a new one that will query all the ...
0
votes
2
answers
46
views
Results search use script query not true?
I have a problem that requires finding the value corresponding to the label. I have a query with the following script:
GET hawkcam_object_v3_test/_search
{
"query": {
"bool": ...
3
votes
0
answers
91
views
How do I generate a stable document ID for SQL executions when polling Oracle gv$session into Elasticsearch via Logstash?
I’m building a pipeline that polls Oracle’s gv$session joined with gv$sql every 5 seconds to track query executions. Each poll returns multiple rows (one per active session), and I need to aggregate ...
0
votes
1
answer
65
views
Elasticsearch index creation from Python, results in error, for known mapping
I have the following code:
from elasticsearch import Elasticsearch
client = Elasticsearch(
"https://myhost",
api_key="mykey",
request_timeout=30, # Increase timeout ...
1
vote
1
answer
30
views
In Elasticsearch aggregations responses, how to drop "key_as_string" or "key" property?
I'm doing a multi terms aggregation in Elasticsearch, but in the response I have both keys and "key_as_string", whose content is duplicated
{
"key": [
"...
0
votes
0
answers
41
views
How to query a sum and its percentage in the same Elasticsearch ESQL query?
I am writing an ES|QL to find out the sum and of a field grouped by another field and also its percentage by other sums of that field. How do I write the query?
FROM test_index| WHERE start_time >= ...
0
votes
1
answer
35
views
ElasticSearch's ConnectionSettings is disposable or not?
In C#, for ConnectionSettings settings = new ConnectionSettings(url);, getting CA2000 warning.
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void ...
2
votes
1
answer
145
views
Elastic should not split few words by space during analysis
I don't want to split a few words during analysis, and they should be searched as is in a match query.
Ex: "Sales Play" should be treated as is and when search string contains "sales" then ...
0
votes
1
answer
50
views
Field missing on "Select Field" on Grafana
I have the same problem as in this question (Grafana - Show metric by field value). I want to display a field instead of the count (default).
I use the Elastic Search data source.
I followed the ...
0
votes
0
answers
45
views
Apache Camel OpenTelemetry creates duplicate log events in ELK Stack
I'm experiencing duplicate log events in my ELK Stack when using Apache Camel with OpenTelemetry. The logs appear correctly in the console (no duplicates), but in Elasticsearch/Kibana, each log ...
0
votes
0
answers
35
views
Opensearch-dashboards throws intermittent authentication failures for internal calls
I have an Opensearch v3.1.0 container and an Opensearch-dashboards v3.1.0 container.
Whenever I access the opensearch-dashboard console from the browser, I get the following logs from Opensearch
[2025-...
0
votes
1
answer
25
views
Searching for documents in elasticsearch where one field is duplicated while another is not?
We have an elasticsearch database full of documents, and on some of those documents we have a text field that we have translated from another language into english. However, because of a prior mistake ...
0
votes
0
answers
30
views
Query for different representations of document with correct sorting
I have an index of documents that consist of some data that may exist differently in the so-called draft or release versions of the document. In my example mapping, I have only the docType as a value ...
0
votes
0
answers
41
views
Elasticsearch silently drops nested field when updating
I’m updating an Elasticsearch document that includes a refunds field, which is defined as a nested type in the index mapping.
"type": "nested",
"properties": {
...
0
votes
0
answers
21
views
How to write elasticsearch Query DSL with filter the nested objects
There is a doc with the day_count like:
"day_count": [
{
"user_count": 2,
"count": 9,
"start": "2025-08-04 00:00:...
0
votes
0
answers
22
views
Filebeat 9.0.4 failing to connect to elasticsearch on local machine
I followed the documentation below for setting up Filebeat 9.0.4 on my local machine (Ubuntu 24.04.2 LTS)
Filebeat quick start: installation and configuration | Beats (self-managed tab)
I used below command ...
0
votes
0
answers
30
views
How to return the geo distance when NOT sorting with _geo_distance in c# NEST code
I have json data with latitude and longitude in separate fields instead of having a location of type GeoPoint.
I implemented filtering in ElasticSearch based on geo_distance by mapping this location ...
0
votes
1
answer
49
views
Kafka-Driven Elasticsearch Document Migration (Index A → B)
I'm trying to implement below steps in Logstash but getting error.
Input from kafka i.e. id
Search that Id on elastic i.e. _id
Take doc from Elastic index A
write it to another Elastic index B
Delete ...
0
votes
1
answer
44
views
elasticsearch scoring through multiple indices
I have several indices with similar but still different data which is coming from different sources. However I'm running the search query through all of them.
The issue that I'm trying to solve is ...
3
votes
0
answers
183
views
Validating ES query_string upfront, namely without connecting to an Elasticsearch server
I am looking for a Python library (if any) that could help validate the query_string field of Elasticsearch queries upfront, namely without connecting to an Elasticsearch server and without having to ...
0
votes
1
answer
33
views
Elasticsearch query index being updated, not create
I know I can query index creation time with curl 'http://localhost:9200/_cat/indices?v&h=index,creation.date.string'.
Is there a similar query which I can check index update time (not creation ...
0
votes
0
answers
26
views
Adding additional aggregation causes 15x performance degradation despite small result set
I have an Elasticsearch query that returns only 107 documents but takes 1.5 seconds to execute. When I remove one specific aggregation (values_brand), the same query completes in 100ms. The brand ...
0
votes
1
answer
52
views
Adding a normalizer to existing index
I want to add a normalizer to my settings and mapping so that the data will be sorted case-insensitively (currently it is sorted by ASCII, which I don't want).
I can't do a reindex, because I don't ...
0
votes
0
answers
103
views
Opensearch Unauthorised Issue
I am using AWS OpenSearch with fine-grained access control enabled. Initially, I was able to log in to the OpenSearch dashboard using my master username and password, and everything was working ...
1
vote
0
answers
26
views
Connect local Kibana to remote Elasticsearch cluster version 8.x
I had a hard time trying to run local Kibana with Docker and connect to a remote Elasticsearch cluster in version 8.18.x
Previously, I had an ES version 7 running in a k8s-managed cloud
Then I ...
0
votes
0
answers
27
views
Nifi - queryelasticsearchhttp vs jsonqueryelasticsearch
An older version of NiFi had queryelasticsearchhttp, which would have a target as a flowfile attribute, but it is missing in newer NiFi in jsonqueryelasticsearch.
Is there another simpler way to have my ...
1
vote
2
answers
95
views
Vespa ai rank function with multiple operands
I am evaluating vespa ai for our search use case, I want to understand if I am using the rank function correctly and if this is a right way to use it
"default-index": "all_text",
...