Is there a way to retrieve from ElasticSearch information on when a specific index was last updated? My goal is to be able to tell when it was the last time that any documents were inserted/updated/deleted in the index. If this is not possible, is there something I can add in my index modification requests that will provide this information later on?
14 Answers
You can get the modification time from the _timestamp
To make it easier to return the timestamp you can set up Elasticsearch to store it:
curl -XPUT "" -d'
{ "mytype": { "_timestamp": { "enabled": "true", "store": "yes" } }
}'If I insert a document and then query on it I get the timestamp:
curl -XGET ' -d '{
> fields : ["_timestamp"],
> "query": {
> "query_string": { "query":"*"}
> }
> }'
{ "took" : 7, "timed_out" : false, "_shards" : { "total" : 5, "successful" : 5, "failed" : 0 }, "hits" : { "total" : 1, "max_score" : 1.0, "hits" : [ { "_index" : "myindex", "_type" : "mytype", "_id" : "1", "_score" : 1.0, "fields" : { "_timestamp" : 1417599223918 } } ] }
}updating the existing document:
curl -XPOST "" -d'
{ "doc" : { "field1": "data", "field2": "more data" }, "doc_as_upsert" : true
}'Re-running the previous query shows me an updated timestamp:
"fields" : { "_timestamp" : 1417599620167 } 6 I don't know if there are people who are looking for an equivalent, but here is a workaround using shards stats for > Elasticsearch 5 users: curl XGET
As you'll see, you have some informations per indices, commits and/or flushs that you might use to see if the indice changed (or not).
I hope it will help someone.
Just looked into a solution for this problem. Recent Elasticsearch versions have a <index>/_recovery API.
This returns a list of shards and a field called stop_time_in_millis which looks like it is a timestamp for the last write to that shard.
A simple solution that could suffice in some use cases, could also be to look at the files that elastic search use to store its data, and sort those based on modification time, e.g.:
sudo find /var/lib/elasticsearch/ -type f -exec stat -c "%y - %n" {} ; | sort -k 1,2
This would give a conservative estimate, in the sense that data is certainly not modified later than the file with the latest timestamp.