Exploring data in Elasticsearch
editExploring data in Elasticsearch
editTemplates describing how the APM Server stores data in Elasticsearch have changed in v6.5. Read the upgrading to 6.5 guide for more information.
By default, Elastic APM data is stored in separated indices in the following formats:
apm-%{[version]}-transaction-%{+yyyy.MM.dd} apm-%{[version]}-span-%{+yyyy.MM.dd} apm-%{[version]}-error-%{+yyyy.MM.dd} apm-%{[version]}-metric-%{+yyyy.MM.dd} apm-%{[version]}-sourcemap
If you’re unfamiliar with the data types shown above, they are described in the APM data model.
If your APM data is being stored in a different format, you may be using an outdated apm-server.yml
file. You must update your apm-server.yml
file in order to take advantage of the new format of indices.
To get an overview of existing indices you can run:
GET _cat/indices/apm*
Default APM template
and indices
:
To query all documents collected with a specific APM Server version:
GET apm-6.7.2-*/_search
To query a specific type, for example transactions:
GET apm-*transactions-*/_search
If you are interested in the settings and mappings of the Elastic APM indices, first, run a query to find template names:
GET _cat/templates/apm*
Then you can retrieve the specific template you are interested in:
GET /_template/your-template-name
Read more about Index Templates and how they are used.
Alternatively, use the Kibana Index Management UI. When clicking on a specific index you can view the settings and mapping for it.