Elasticsearch index last update time

Is there a way to retrieve from ElasticSearch information on when a specific index was last updated? My goal is to be able to tell when it was the last time that any documents were inserted/updated/deleted in the index. If this is not possible, is there something I can add in my index modification requests that will provide this information later on?

1

4 Answers

You can get the modification time from the _timestamp

To make it easier to return the timestamp you can set up Elasticsearch to store it:

curl -XPUT "" -d'
{ "mytype": { "_timestamp": { "enabled": "true", "store": "yes" } }
}'

If I insert a document and then query on it I get the timestamp:

 curl -XGET ' -d '{
> fields : ["_timestamp"],
> "query": {
> "query_string": { "query":"*"}
> }
> }'
{ "took" : 7, "timed_out" : false, "_shards" : { "total" : 5, "successful" : 5, "failed" : 0 }, "hits" : { "total" : 1, "max_score" : 1.0, "hits" : [ { "_index" : "myindex", "_type" : "mytype", "_id" : "1", "_score" : 1.0, "fields" : { "_timestamp" : 1417599223918 } } ] }
}

updating the existing document:

curl -XPOST "" -d'
{ "doc" : { "field1": "data", "field2": "more data" }, "doc_as_upsert" : true
}'

Re-running the previous query shows me an updated timestamp:

 "fields" : { "_timestamp" : 1417599620167 }
6

I don't know if there are people who are looking for an equivalent, but here is a workaround using shards stats for > Elasticsearch 5 users: curl XGET

As you'll see, you have some informations per indices, commits and/or flushs that you might use to see if the indice changed (or not).

I hope it will help someone.

Just looked into a solution for this problem. Recent Elasticsearch versions have a <index>/_recovery API.

This returns a list of shards and a field called stop_time_in_millis which looks like it is a timestamp for the last write to that shard.

3

A simple solution that could suffice in some use cases, could also be to look at the files that elastic search use to store its data, and sort those based on modification time, e.g.:

sudo find /var/lib/elasticsearch/ -type f -exec stat -c "%y - %n" {} ; | sort -k 1,2

This would give a conservative estimate, in the sense that data is certainly not modified later than the file with the latest timestamp.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like