Exploring data in Elasticsearch
editExploring data in Elasticsearch
editBy default, Elastic APM data is stored in separated indices in the following formats:
apm-%{[version]}-transaction-%{+yyyy.MM.dd} apm-%{[version]}-span-%{+yyyy.MM.dd} apm-%{[version]}-error-%{+yyyy.MM.dd} apm-%{[version]}-metric-%{+yyyy.MM.dd} apm-%{[version]}-sourcemap
If you’re unfamiliar with the data types shown above, they are described in the APM data model.
If your APM data is being stored in a different format, you may be using an outdated apm-server.yml
file. You must update your apm-server.yml
file in order to take advantage of the new format of indices.
To get an overview of existing indices you can run:
GET _cat/indices/apm*
Default APM template
and indices
:
To query all documents collected with a specific APM Server version:
GET apm-7.4.2-*/_search
To query a specific type, for example transactions:
GET apm-*transactions-*/_search
If you are interested in the settings and mappings of the Elastic APM indices, first, run a query to find template names:
GET _cat/templates/apm*
Then you can retrieve the specific template you are interested in:
GET /_template/your-template-name
Read more about Index Templates and how they are used.
Alternatively, use the Kibana Index Management UI. When clicking on a specific index you can view the settings and mapping for it.