how to query with python elasticseach module over multiple indexes?

Question

just for testing, I have a single elasticsearch node containing indexes like:

service-log-17032020 service-log-20032020 service-log-21032020

I am trying to build a query for searching on all indexes with service-log-* pattern. This query works perfectly with the full index name, how can I search on all indexes?

index = INDEX_NAME
query_body = {
            "from":0,
            "size":100,
            "query": {  
              "bool": {
                "must": [
                  {
                    "match" : {
                      "field": "text"
                    }
                  },
                  {                       
                    "range": {
                      "@timestamp": {
                        "gt":str(date)
                      }
                    }
                  }
                ]
              }               
            }
        }

result = elastic_client.search(index=INDEX_NAME, body=query_body)

Answer 1

Since you're using the Python client you can do the following:

from elasticsearch import Elasticsearch

es = Elasticsearch()

# Queries all indices in the cluster.
es.search(index="*", body=...)

# Queries all indices that start with 'logs-'
es.search(index="logs-*", body=...)

# Queries 'logs-1', 'logs-2', and 'logs-5'.
# Serializes to 'logs-1,logs-2,logs-5' in the URL. 
es.search(index=["logs-1", "logs-2", "logs-5"], body=...)

<disclosure: I maintain the Python Elasticsearch client and am employed by Elastic>

Answer 2

You can pass * as the index name.

Answer 3

According to ES docs:

Most APIs that refer to an index parameter support execution across multiple indices, using simple test1,test2,test3 notation (or _all for all indices). It also supports wildcards, for example test* or test or tet or test, and the ability to "exclude" (-), for example test*,-test3.