Search

edit

The search API allows you to execute a search query and get back search hits that match the query. The query can either be provided using a simple query string as a parameter, or using a request body.

Multi-Index, Multi-Type

edit

All search APIs can be applied across multiple types within an index, and across multiple indices with support for the multi index syntax. For example, we can search on all documents across all types within the twitter index:

GET /twitter/_search?q=user:kimchy

We can also search within specific types:

GET /twitter/tweet,user/_search?q=user:kimchy

We can also search all tweets with a certain tag across several indices (for example, when each user has his own index):

GET /kimchy,elasticsearch/tweet/_search?q=tag:wow

Or we can search all tweets across all available indices using _all placeholder:

GET /_all/tweet/_search?q=tag:wow

Or even search across all indices and all types:

GET /_search?q=tag:wow

By default elasticsearch rejects search requests that would query more than 1000 shards. The reason is that such large numbers of shards make the job of the coordinating node very CPU and memory intensive. It is usually a better idea to organize data in such a way that there are fewer larger shards. In case you would like to bypass this limit, which is discouraged, you can update the action.search.shard_count.limit cluster setting to a greater value.