Operations such as search and aggregations can run against multiple indexes in the same query. It is possible to specify which indexes should be searched by using different URLs in the GET request. Let's understand how the URLs can be used to search in different indexes and the types within them. We cover the following scenarios when dealing with multiple indexes within a cluster:
- Searching all documents in all indexes
- Searching all documents in one index
- Searching all documents of one type in an index
- Searching all documents in multiple indexes
- Searching all documents of a particular type in all indexes
The following query matches all documents. The documents that are actually returned by the query will be limited to 10 in this case. The default size of the result is 10, unless specified otherwise in the query:
GET /_search
This will return all the documents from all the indexes of the cluster. The response looks similar to the following, and it is truncated to remove the unnecessary repetition of documents:
{
"took": 3,
"timed_out": false,
"_shards": {
"total": 16,
"successful": 16,
</span>"failed": 0
},
"hits": {
"total": 4,
"max_score": 1,
"hits": [
{
"_index": ".kibana",
"_type": "doc",
"_id": "config:7.0.0",
"_score": 1,
"_source": {
"type": "config",
"config": {
"buildNum": 16070
}
}
},
...
...
]
}
}
Clearly, this is not a very useful operation, but let's use it to understand the search response:
- took: The number of milliseconds taken by the cluster to return the result.
- timed_out: false: This means that the operation completed successfully without timing out.
- _shards: Shows the summary of how many shards across the entire cluster were searched for successfully, or failed.
- hits: Contains the actual documents that matched. It contains total, which signifies the total documents that matched the search criteria across all indexes. The max_score displays the score of the best matching document from the search hits. The hits child of this element contains the actual document list.