Explore data in Elasticsearch
editExplore data in Elasticsearch
editElastic APM stores data for each event type in separate indices. By default, Index Lifecylce Management (ILM) is enabled and event data is stored using the following index naming patterns:
apm-%{[version]}-transaction-000001 apm-%{[version]}-span-000001 apm-%{[version]}-error-000001 apm-%{[version]}-metric-000001 apm-%{[version]}-sourcemap
If you’ve disabled ILM and are instead using daily indices, the default index naming pattern is:
apm-%{[version]}-transaction-%{+yyyy.MM.dd} apm-%{[version]}-span-%{+yyyy.MM.dd} apm-%{[version]}-error-%{+yyyy.MM.dd} apm-%{[version]}-metric-%{+yyyy.MM.dd} apm-%{[version]}-sourcemap
If your APM data is being stored in a different format, you may be using an outdated apm-server.yml
file. You must update your apm-server.yml
file in order to take advantage of the new format of indices.
Sample APM documents
editSample documents for each of the APM event types are available on these pages:
Elasticsearch query examples
editThe following examples enable you to interact with Elasticsearch’s REST API. One possible way to do this is using Kibana’s Dev Tools console.
Indices, templates, and index-level operations can also be manged via Kibana’s Index management panel.
To see an overview of existing indices, run:
GET _cat/indices/apm*
To query all documents collected with a specific APM Server version:
GET apm-7.15.2-*/_search
To query a specific event type, for example, transactions:
GET apm-*transactions-*/_search
If you are interested in the settings and mappings of the Elastic APM indices, first, run a query to find template names:
GET _cat/templates/apm*
Then, retrieve the specific template you are interested in:
GET /_template/your-template-name