Versions : OpenSearch 2.9
In discovery tab when I query index for last day it show over 70k events (see attached)
When I run the following dsl query(please note index pattern in Disovery matched the index name I am running query against):
GET kubernetes-st1-*/_search?pretty=true
{"query":{"bool":{"must":[{"match": { "kubernetes.namespace_name": "performance-reporting-api-prod"}}],"filter": [{"range": {"@timestamp":{"gte":"now-24h","lte":"now"}}}]}}}
I am only getting first 10k data, which is fine as long as I can do my pagination on. Per Paginate results - OpenSearch Documentation I am supposed to get from field in my json return. Which I don’t get. Another thing they recommend is to get scroll_id. In this case I know I need 7 pages to query, but why isn’t from field showing?
{
"took": 16,
"timed_out": false,
"_shards": {
"total": 70,
"successful": 70,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 10000,
"relation": "gte"
},
"max_score": 11.644901,
"hits": [
{
"_index": "kubernetes-st1-2024.10.20",
"_id": "6FBRrJIB2usrQrsSNZTM",
"_score": 11.644901,
"_source": {
Configuration:
Relevant Logs or Screenshots: