How to Search Across Multiple Indices in Elasticsearch

Takahiro Iwasa

Introduction

Elasticsearch provides robust support for searching across multiple indices, enabling you to retrieve data from a variety of sources simultaneously. This tutorial explores how to set up and query data effectively.

The Search API documentation describes the <target> path parameter as follows:

(Optional, string) Comma-separated list of data streams, indices, and index aliases to search. Wildcard (*) expressions are supported.

Launching Elasticsearch

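To get started, you can launch an Elasticsearch cluster on your local machine using the official Docker image. Below is an example docker-compose.yml file to configure and start the cluster. This image starts without authentication, and the 9200:9200 mapping publishes the HTTP API on every host interface, so run it only on a trusted machine or restrict the mapping to the loopback address.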

version: '3'

services:
  elasticsearch:
    image: elasticsearch:7.10.1
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
    ports:
      - 9200:9200

Start the cluster using the following command:

docker-compose up -d

Preparing Data

To experiment with multiple indices, index some data into users-2020-11 and users-2020-12 using the curl command:

curl -X POST -H 'Content-Type: application/json' -d '{"name": "hoge"}' localhost:9200/users-2020-11/_doc/
curl -X POST -H 'Content-Type: application/json' -d '{"name": "fuga"}' localhost:9200/users-2020-12/_doc/

This will create two indices with example documents for testing.

Searching Data

Searching with Wildcards

You can query data from multiple indices using a wildcard expression. Quote the URL so that the shell passes the * to curl unchanged. For example:

curl 'localhost:9200/users-2020-*/_search' | jq .hits.hits

The response will contain data from both users-2020-11 and users-2020-12:

[
  {
    "_index": "users-2020-11",
    "_type": "_doc",
    "_id": "PNQ3tXYBKT-fwQ71grcz",
    "_score": 1,
    "_source": {
      "name": "hoge"
    }
  },
  {
    "_index": "users-2020-12",
    "_type": "_doc",
    "_id": "PdQ3tXYBKT-fwQ71p7cy",
    "_score": 1,
    "_source": {
      "name": "fuga"
    }
  }
]

Searching with a Comma-Separated List

Another way to search is by specifying multiple indices as a comma-separated list:

curl localhost:9200/users-2020-11,users-2020-12/_search | jq .hits.hits

The response will contain data from both users-2020-11 and users-2020-12:

[
  {
    "_index": "users-2020-11",
    "_type": "_doc",
    "_id": "PNQ3tXYBKT-fwQ71grcz",
    "_score": 1,
    "_source": {
      "name": "hoge"
    }
  },
  {
    "_index": "users-2020-12",
    "_type": "_doc",
    "_id": "PdQ3tXYBKT-fwQ71p7cy",
    "_score": 1,
    "_source": {
      "name": "fuga"
    }
  }
]
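
When a script builds the search target from a variable, a wildcard or an extra list item decides which indices the query reaches. The following check is an added example, not code from the original article: it accepts only the two target forms shown above before the value is placed in the URL path. The function names and the users-YYYY-MM naming rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example: validate a multi-index search target before using it in a URL.
# Assumption: only monthly indices named users-YYYY-MM may be searched.

# Succeeds only if every comma-separated item is users-YYYY-MM or users-YYYY-*.
# Runs in a subshell so the IFS and globbing changes do not leak to the caller.
valid_target() (
  target=$1
  [ -n "$target" ] || exit 1        # an empty target would mean "all indices"
  case $target in
    ,*|*,|*,,*) exit 1 ;;           # reject empty list items
  esac
  set -f                            # do not expand * against local file names
  IFS=,
  for item in $target; do
    case $item in
      users-[0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;   # one concrete month
      users-[0-9][0-9][0-9][0-9]-\*) ;;           # every month of one year
      *) exit 1 ;;                                # anything else is refused
    esac
  done
  exit 0
)

# Prints the search URL for a validated target; prints nothing on failure.
search_url() {
  valid_target "$1" || return 1
  printf '%s\n' "localhost:9200/$1/_search"
}

# Constructed sample targets: the first two come from this tutorial,
# the rest are broader expressions that the check refuses.
for t in 'users-2020-*' 'users-2020-11,users-2020-12' \
         '*' '_all' 'users-*' 'users-2020-11,orders-2020-11'; do
  if url=$(search_url "$t"); then
    echo "accept  $t -> $url"
  else
    echo "reject  $t"
  fi
done
```

Pass the printed URL to curl in quotes, as in the wildcard example, so the shell does not touch the *.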

Conclusion

Searching across multiple indices in Elasticsearch provides flexibility and efficiency for retrieving data in complex applications. By using wildcards and comma-separated lists, you can streamline your queries.

For more information, refer to the Elasticsearch Search API Documentation.

Happy Coding! 🚀

Takahiro Iwasa

Software Developer at KAKEHASHI Inc.
Involved in the requirements definition, design, and development of cloud-native applications using AWS. Now, building a new prescription data collection platform at KAKEHASHI Inc. Japan AWS Top Engineers 2020-2023.