Exploring data in Elasticsearch


By default, Elastic APM data is stored in separate indices in the following formats:

apm-%{[version]}-transaction-%{+yyyy.MM.dd}
apm-%{[version]}-span-%{+yyyy.MM.dd}
apm-%{[version]}-error-%{+yyyy.MM.dd}
apm-%{[version]}-metric-%{+yyyy.MM.dd}
apm-%{[version]}-sourcemap

If you’re unfamiliar with the data types shown above, they are described in the APM data model.

If your APM data is being stored in a different format, you may be using an outdated apm-server.yml file. You must update your apm-server.yml file in order to take advantage of the new format of indices.

To get an overview of existing indices you can run:

GET _cat/indices/apm*
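The following Python check is an added example, not part of the Elastic documentation: it sorts index names into the default formats listed above and reports any that do not match, which is the symptom of an outdated apm-server.yml. It assumes the names come from GET _cat/indices/apm*?h=index and that the version is three dot-separated numbers; the function name classify and the sample names are constructed for illustration.

```python
import re
from collections import defaultdict

# Default index names, from the formats listed above:
#   apm-%{[version]}-<type>-%{+yyyy.MM.dd}  and  apm-%{[version]}-sourcemap
# Assumption: the version is three dot-separated numbers (e.g. 7.6.2).
DAILY = re.compile(
    r"^apm-(?P<version>\d+\.\d+\.\d+)-"
    r"(?P<type>transaction|span|error|metric)-"
    r"(?P<date>\d{4}\.\d{2}\.\d{2})$"
)
SOURCEMAP = re.compile(r"^apm-(?P<version>\d+\.\d+\.\d+)-sourcemap$")

# Constructed sample: one index name per line, as returned with ?h=index.
SAMPLE = """\
apm-7.6.2-transaction-2020.04.01
apm-7.6.2-transaction-2020.04.02
apm-7.6.2-span-2020.04.01
apm-7.6.2-error-2020.04.02
apm-7.6.2-metric-2020.04.02
apm-7.6.2-sourcemap
apm-7.6.2-2020.04.02
""".splitlines()


def classify(index_names):
    """Group names by (version, type) and collect names that do not
    follow the default format."""
    grouped = defaultdict(list)
    nonstandard = []
    for name in index_names:
        name = name.strip()
        if not name:
            continue
        m = DAILY.match(name)
        if m:
            grouped[(m["version"], m["type"])].append(m["date"])
        elif (m := SOURCEMAP.match(name)):
            grouped[(m["version"], "sourcemap")] = []  # not date-suffixed
        else:
            nonstandard.append(name)
    return dict(grouped), nonstandard


if __name__ == "__main__":
    grouped, nonstandard = classify(SAMPLE)
    for (version, kind), dates in sorted(grouped.items()):
        print(f"{version:8} {kind:12} {len(dates)} daily indices")
    for name in nonstandard:
        print(f"not in default format: {name}")
```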

Default APM template and indices:

To query all documents collected with a specific APM Server version:

GET apm-7.6.2-*/_search

To query a specific type, for example transactions:

GET apm-*-transaction-*/_search

If you are interested in the settings and mappings of the Elastic APM indices, first, run a query to find template names:

GET _cat/templates/apm*

Then you can retrieve the specific template you are interested in:

GET /_template/your-template-name

Read more about Index Templates and how they are used.

Alternatively, use the Kibana Index Management UI. Click a specific index to view its settings and mapping.