Get last document from ElasticSearch

Question

so I have an elastic search index and I am sending docs to it attached with a timestamp. I am wondering if there is a way to extract the last document based on the time stamp. I.e. say to elastic give me the doc with the last time.

Thanks.

score 45 · Accepted Answer · answered Jun 27 '16 at 21:04

45

Yes, you can simply request one single document (size: 1) and sorted by decreasing timestamp

POST index/_search
{
   "size": 1,
   "sort": { "timestamp": "desc"},
   "query": {
      "match_all": {}
   }
}

answered Jun 27 '16 at 21:04

Val

207,596
13
358
360

Hey, thanks for the tip. I found somewhere else the answer: GET index-*/type/_search { "query": { "match_all": {} }, "size": 1, "sort": [ { "timestamp": { "order": "desc" } } ] } I am wondering if there is a way of doing this in using the PHP API. – ScipioAfricanus Jun 28 '16 at 14:01
Yes, [see this](https://github.com/elastic/elasticsearch-php#search-for-a-document) – Val Jun 28 '16 at 14:05
1

@devmage feel free to create a new question with your exact needs – Val Jun 11 '20 at 15:59
i've already created one , it will be great if you can share your opinion there – Jun 12 '20 at 04:31

Keshav Lodhi · Answer 2 · 2020-01-30T16:49:27.477

Get last document from elasticsearch using java high-level REST client

The given solution is in Scala language:

import org.elasticsearch.action.search.{SearchRequest, SearchResponse}
import org.elasticsearch.index.query.QueryBuilders
import org.elasticsearch.search.builder.SearchSourceBuilder
import org.elasticsearch.search.sort.SortOrder

val searchRequest = new SearchRequest("index")
val searchSourceBuilder = new SearchSourceBuilder
val queryBuilder = QueryBuilders.boolQuery()

queryBuilder.must(QueryBuilders.termQuery("field.keyword", "field value"))

searchSourceBuilder.query(queryBuilder)
                   .sort("timestamp", SortOrder.DESC)
                   .size(1)
searchRequest.source(searchSourceBuilder)
val searchResponse = high_level_client.search(searchRequest)

This is useful to me thank you! One question though if, you're specifying a field value. what if I just wanted to get back the last 5 documents based off the created date field? — MetaCoder, Apr 22 '21 at 14:31

score 1 · Answer 3 · answered Feb 04 '21 at 08:00

A complete curl command would look something like this. Including security options reading user/password from netrc and using cacert.

curl -s \
     --netrc-file ~/.netrc \
     --cacert ~/ca/ca.crt \
     -H 'Content-Type: application/json' \
     'https://localhost:9200/logstash-*/_search?pretty' \
     -XPOST \
     -d '
         {
            "size": 1,
            "sort": { "@timestamp": "desc"},
            "query": {
               "match_all": {}
            }
        }'

The POST request credits go to the answer from @Val

File locations and index names must of course be adapted to your use case. In addition you must know the name of the timestamp field you wish to sort on. It is usually @timestamp (with the @).

score 0 · Answer 4 · answered Jun 14 '23 at 14:58

0

You can also make a call with the requested information as parameters:

POST /index/_search?size=1&sort=timestamp:desc

answered Jun 14 '23 at 14:58

WoJ

27,165
48
180
345

Get last document from ElasticSearch

4 Answers4

Linked