Can I search elasticsearch (version 2.3) and in the search query sort by more than 1 field? Right now i'm sorting by @timestamp and I would like to sort by hostname as well.

Thanks,

2 Answers

As the doc says, you can add one or more sort on specific fields like this:

"sort" : [{ "@timestamp" : "desc" }, { "hostname " : "desc" }]

{ "query": { "range": { "@timestamp": { "gte": "@timestamp", "lte": "@timestamp" } } }, "from": 0, "size": 1000, "_source": [ "@timestamp", ], "sort": [{ "@timestamp": { "order": "desc" } }, { "age": "desc" } ]
}

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.