Count number of docs indexed in certain interval (e.g., last 15 min)
GET /logstash-<DATE>/_search?filter_path=hits.total
{
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-15m",
"lte": "now"
}
}
}
]
}
},
"size": 0
}
Get total docs indexed in interval and breakdown of docs per sub-interval (i.e., total docs indexed last 15 min and docs per 5 min interval therein)
GET /logstash-<DATE>/_search?filter_path=hits.total,aggregations.datehisto.buckets
{
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-15m",
"lte": "now"
}
}
}
]
}
},
"size": 0,
"aggs": {
"datehisto": {
"date_histogram": {
"field": "@timestamp",
"interval": "5m",
"min_doc_count": 1,
"extended_bounds": {
"min": "now-15m",
"max": "now"
}
}
}
}
}