Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us in Bucharest on Sept 18th for Qlik's AI Reality Tour! Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ADe_Pinto1673864968
Contributor II
Contributor II
‎2024-10-18 10:54 AM

elasticsearch component return only 10000 characters

I designed a route to get all the document with level "ERROR" or "WARN" from an elastic index but when I save the result in a file, the route saves only the first 10.000 characters, so I cannot see the rest of the docs with errors. I looked into the configuration also from Camel, but I didn't find any parameter who helps me. If I try to log the message the result is the same. How can I get more data within a call?

This is the query : 

 

{
"track_total_hits": true,
"query":
{ "bool":
{ "must":
[
{ "match":
{ "level":
{
"query" : "ERROR WARN",
"operator": "or"
}
}
}
],

"must_not":
[
{ "match":
{ "tags": "_jsonparsefailure" }
}
],

"filter":
[
{ "range":
{ "@timestamp":
{ "gte": "now-24h", "lte" : "now" }
}
}
]
}
}
}

 

and I attach a screenshot of the process.

Thanks in advance,

Andrea De Pinto

Labels (1)
Labels

  • v8.x

Preview file
116 KB
663 Views
1 Solution

Accepted Solutions
ADe_Pinto1673864968
Contributor II
Contributor II
‎2024-10-21 08:15 AM
Author

In response to Xiaodi_Shi

Hello Sabdrina,

thanks for your reply. It's not a problem of elastic. I did the same query with a normal cRest component and it works perfectly fine, so I suppose it's embedded somehow in that specific component. I will change the route and use the cRest component.

View solution in original post

583 Views
0 Likes
5 Replies
Xiaodi_Shi
Employee
Employee
‎2024-10-21 03:46 AM

Hello,

For search operation, could you please try to modify the threadpool.search.queue_size: 10000 in elasticsearch.yml file to see if it helps?

Best regards

Sabrina

599 Views
0 Likes
ADe_Pinto1673864968
Contributor II
Contributor II
‎2024-10-21 08:15 AM
Author

In response to Xiaodi_Shi

Hello Sabdrina,

thanks for your reply. It's not a problem of elastic. I did the same query with a normal cRest component and it works perfectly fine, so I suppose it's embedded somehow in that specific component. I will change the route and use the cRest component.

584 Views
0 Likes
Xiaodi_Shi
Employee
Employee
‎2024-10-21 10:25 PM

In response to ADe_Pinto1673864968

Hello,

Thanks for your feedback and feel free to let me know if cRest component is OK with it.

Best regards

Sabrina

576 Views
0 Likes
fcolagiacomo
Contributor III
Contributor III
‎2024-10-22 07:51 AM

In response to Xiaodi_Shi

Hi,

if your query returns more than 10000 documents then you have to use Elasticsearch scroll query.

In example:

POST /my-index-000001/_search?scroll=1m
{
  "size": 100,
  "query": {
    "match": {
      "message": "foo"
    }
  }
}

 The result from the above request includes a _scroll_id, which should be passed to the scroll API in order to retrieve the next batch of results.

POST /_search/scroll                                                               
{
  "scroll" : "1m",                                                                 
  "scroll_id" : "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==" 
}

 

https://www.elastic.co/guide/en/elasticsearch/reference/7.17/paginate-search-results.html#scroll-sea...

 

 

567 Views
ADe_Pinto1673864968
Contributor II
Contributor II
‎2024-10-24 02:40 AM
Author

In response to fcolagiacomo

Thanks for your reply, I'll try it

554 Views
0 Likes