Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Elasticsearch no hits. {"size": 0} on query

See original GitHub issue

Followed the instructions to setup the plugin with elasticsearch.

The query itself is ok (tested it outside Grafana and works as expected). But the query is appended with “size”: 0 in the plugin and the hits are indeed 0.

Sample document in the index:

{
"_index": "application_logs",
"_type": "nginx-access",
"_id": "AV3G6T1UfJzZmB72n0RZ",
"_score": 0,
"_source": {
"request": "/v1/instruments/filters/",
"agent": "\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36\"",
"geoip": {
"timezone": "America/New_York",
"ip": "000000000",
"latitude": 25.7806,
"coordinates": [
-80.1826,
25.7806
],
"continent_code": "NA",
"city_name": "Miami",
"country_name": "United States",
"country_code2": "US",
"dma_code": 528,
"country_code3": "US",
"region_name": "Florida",
"location": {
"lon": -80.1826,
"lat": 25.7806
},
"postal_code": "33132",
"region_code": "FL",
"longitude": -80.1826
},
"offset": 9179,
"auth": "-",
"ident": "-",
"input_type": "log",
"verb": "GET",
"source": "/var/log/nginx/access.log",
"message": "96.47.229.59 - - [09/Aug/2017:12:12:31 +0000] \"GET /v1/instruments/filters/ HTTP/1.1\" 200 3062 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36\"",
"type": "nginx-access",
"tags": [
"beats_input_codec_plain_applied"
],
"referrer": "\"-\"",
"@timestamp": "2017-08-09T12:12:36.179Z",
"response": "200",
"bytes": "3062",
"clientip": "0000000",
"@version": "1",
"beat": {
"hostname": "platform",
"name": "platform",
"version": "5.5.1"
},
"host": "platform",
"httpversion": "1.1",
"timestamp": "09/Aug/2017:12:12:31 +0000"
}
}

Sample query emitted by the plugin:

{
"size": 0,
"query": {
"bool": {
"filter": [{
"range": {
"@timestamp": {
"gte": "1501970400000",
"lte": "1502575199999",
"format": "epoch_millis"
}
}
}, {
"query_string": {
"analyze_wildcard": true,
"query": "type: \"nginx-access\""
}
}]
}
},
"aggs": {
"2": {
"geohash_grid": {
"field": "geoip.location",
"precision": 2
},
"aggs": {}
}
}
}

Sample response:

{
"responses": [{
"took": 11,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 12,
"max_score": 0.0,
"hits": []
},
"aggregations": {
"2": {
"buckets": []
}
},
"status": 200
}]
}

Pay attention to the

"hits": {
"total": 12,
"max_score": 0.0,
"hits": []
}

part in the response, I believe it is originated from the size:0

What am I doing wrong?

Issue Analytics

State:
Created 6 years ago
Comments:9

Top GitHub Comments

1reaction

eliranshlomo1commented, Jan 23, 2018

+1 after 2 hours of research found this issue.

0reactions

cosmos1978commented, Feb 13, 2018

Can you place this bug on the grafana git ?

Top Results From Across the Web

Cannot get only number of hits in elastic search - Stack Overflow

Setting size as zero signifies that you are asking Elasticsearch to return all the documents which satisfies the query.

Aggregation size 0 for top results - Elasticsearch

I'm just migrating my application from elasticsearch 1.7 to 5.6 but I'm stuck with the following aggregation which previously relies on size:"0" ...

Trying to show all records in given time range using "size:0"

I tried searching to find an option for this question. But all says to put the size value in the query to get...

Aggregations | Elasticsearch Guide [8.5] | Elastic

By default, searches containing an aggregation return both search hits and aggregation results. To return only aggregation results, set size to 0 :....

Returning only aggregation results | Elasticsearch Guide [8.5]

Elastic Cloud. Maximize value and optimize your experience. Deploy everything Elastic has to offer across any cloud, in minutes.