Exploring data in Elasticsearch


By default, Elastic APM data is stored in separate indices, named in the format apm-%{[beat.version]}-{type}-%{+yyyy.MM.dd}.

To get an overview of the existing indices, run:

GET _cat/indices/apm*

Default APM template and indices:

To query all APM data:

GET apm*/_search

To query documents that were collected with a specific APM Server version:

GET apm-6.3.2-*/_search

If you are only interested in specific document types, e.g. error documents, you can use the type in your query:

GET apm-*error-*/_search
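
The naming format and the wildcard patterns above, as an added example that is not part of the original documentation: this Python sketch parses index names in the default format and shows which indices each pattern from this page covers. The index names are constructed sample data; the transaction and span types and the apm-custom name are assumptions for illustration, and `*` is modeled with Python's fnmatch.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Default naming format from the page: apm-%{[beat.version]}-{type}-%{+yyyy.MM.dd}
INDEX_RE = re.compile(
    r"^apm-(?P<version>\d+\.\d+\.\d+)-(?P<type>[a-z]+)-(?P<date>\d{4}\.\d{2}\.\d{2})$"
)

# Constructed sample: index names as they might appear in `GET _cat/indices/apm*` output.
SAMPLE_INDICES = [
    "apm-6.3.2-error-2018.08.01",
    "apm-6.3.2-transaction-2018.08.01",
    "apm-6.3.2-transaction-2018.08.02",
    "apm-6.4.0-error-2018.09.10",
    "apm-6.4.0-span-2018.09.10",
    "apm-custom",  # hypothetical name that does not follow the default format
]

def parse_index(name):
    """Return (version, type, date) for a default-format index name, else None."""
    m = INDEX_RE.match(name)
    return (m["version"], m["type"], m["date"]) if m else None

def select(pattern, names):
    """Names an index wildcard pattern would cover ('*' matches any characters)."""
    return [n for n in names if fnmatchcase(n, pattern)]

def summarize(names):
    """Group parsed indices by (version, type); collect names that do not parse."""
    groups, unparsed = defaultdict(list), []
    for n in names:
        parsed = parse_index(n)
        if parsed is None:
            unparsed.append(n)
        else:
            groups[(parsed[0], parsed[1])].append(parsed[2])
    return dict(groups), unparsed

if __name__ == "__main__":
    groups, unparsed = summarize(SAMPLE_INDICES)
    for (version, doc_type), dates in sorted(groups.items()):
        print(f"{version:8} {doc_type:12} {len(dates)} daily index(es)")
    print("not in default format:", unparsed)
    for pattern in ("apm*", "apm-6.3.2-*", "apm-*error-*"):
        print(pattern, "->", select(pattern, SAMPLE_INDICES))
```

Note that apm* also covers any index whose name merely starts with "apm", such as the constructed apm-custom entry, while the version and type patterns only cover indices that carry those segments.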

If you are interested in the settings and mappings applied to the Elastic APM indices, you can fetch the index templates. First, run a query to find out which templates exist:

GET _cat/templates/apm*

Then you can retrieve the specific template you are interested in by sending:

GET /_template/your-template-name

You can read more about Index Templates and how they are used.

Another option is to use the Kibana Index Management UI. When you click on a specific index, you can view its settings and mapping.