AsyncSearch
Updated at:2025-11-03
Description
Search and analyze BLS logs
API restriction
- Only index path query is supported, and it must not be empty; other query parameters (e.g., timeout) are not supported. For struct parameters, only query, aggs, fields, sort, searchAfter, highlight, and size are currently supported
- For the syntax support of the query (query) and aggs (aggregation) parameters, refer to the list below
- Random pagination is not currently supported; therefore, the from struct parameter is not supported. Only the cursor of searchAfter can be used to get the next page
- The next-page field of searchAfter only supports the first element of the array, and only returns an array with one element (as the cursor for the next page in BLS)
- The response result does not include the total parameter or _score (relevance score). If the total number of data entries is required, it can be obtained using the ValueCountAggregation aggregation syntax
- Currently, this function returns results synchronously; asynchronous is not supported. BLS will continue the query until a timeout error occurs
The Elasticsearch search syntax currently supported by BLS is as follows:
- MatchAllQuery
- BoolQuery
- RangeQuery
- TermQuery
- MatchPhrase
- MatchQuery
- WildcardQuery
- MultiMatchQuery
- ExistQuery
- IdsQuery
- PrefixQuery
- QueryStringQuery
- SimpleQueryStringQuery
The Elasticsearch analysis syntax currently supported by BLS is as follows:
- DateHistogramAggregation
- HistogramAggregation
- TermsAggregation
- SamplerAggregation
- RandomSamplerBridgeAggregation
- ValueCountAggregation
- CardinalityAggregation
- MaxAggregation
- MinAggregation
- SumAggregation
- AverageAggregation
- PercentilesAggregation
- StatsAggregation
- FilterAggregation
- FiltersAggregation
Request
- Request syntax
Text
1POST /<name>/_async_search HTTP/1.1
2Host: <Endpoint>
3Authorization: <Authorization String>- Request headers
No additional headers are required beyond the standard request headers.
- Request parameters
| Parameter name | Types | Required or not | Parameter location | Description |
|---|---|---|---|---|
| name | String | Yes | Path | Index name: Fuzzy matching is not supported |
| query | Object | Yes | RequestBody | The syntax is the same as that of ordinary queryDSL; refer to the official website for syntax rules |
| aggs | Object | No | RequestBody | The syntax is the same as that of ordinary Aggregations; refer to the official website for syntax rules |
| fields | List<String> | No | RequestBody | Field list in response: All fields by default |
| sort | Map<String, Map<String, String>> | No | RequestBody | Sorting: Currently, only sorting by @timestamp is supported; sorted in descending order of time by default |
| searchAfter | List<String> | No | RequestBody | Next-page cursor: Currently, only the first element of the array is supported. Queries start from the first entry at the specified time by default |
| highlight | Highlight | No | RequestBody | Highlight configuration |
| size | Int | No | RequestBody | Number of matching logs to return: Default is 1000 |
The element structure of Highlight object is as follows:
| Parameter name | Types | Required or not | Parameter location | Description |
|---|---|---|---|---|
| pre_tags | List<String> | No | RequestBody | Prefix identifier for highlight: Default is @kibana-highlighted-field@ |
| post_tags | List<String> | No | RequestBody | Suffix identifier for highlight: Default is @/kibana-highlighted-field@ |
Successful response
- Response headers
No additional headers are required beyond the standard response headers.
- Response parameters
| Field | Types | Description |
|---|---|---|
| start_time_in_millis | Int | Query start time |
| expiration_time_in_millis | Int | Query end time |
| response | Response | Response Body |
The element structure of response object in the above table is as follows:
| Field | Types | Description |
|---|---|---|
| took | Int | Query duration |
| timed_out | Boolean | Whether timeout occurred |
| _shards | Shard | Query shard status |
| hits | Matched documents | |
| aggregations | Aggregations | Aggregation results: Refer to the official website |
The element structure of Shard object is as follows:
| Field | Types | Description |
|---|---|---|
| total | Int | Total number of shards queried: Currently fixed at 1 |
| successful | Int | Number of successful shards |
| skipped | Int | Number of skipped shards |
| failed | Int | Number of failed shards |
The element structure of Hit object is as follows:
| Field | Types | Description |
|---|---|---|
| _index | String | Project and logstore information: For non-default projects, the format is ProjectName$LogStoreName; for the default project, only the logstore name is displayed |
| _id | String | Logstore record ID: Composed of offset and timestamp |
| _score | Double | Score: Currently fixed at 0 |
| sort | List<String> | Sort field: Used to retrieve the next page; currently contains only one element |
| _version | Int | Version: Currently fixed at 1 |
| fields | Map<String, []Any> | Logstore field information |
| _version | Int | Version: Currently fixed at 1 |
Anomaly response
- Response headers
No additional headers are required beyond the standard response headers.
- Response parameters
| Field | Types | Description |
|---|---|---|
| error | Error | Error reason |
| status | Int | HTTP status code: e.g., 500 |
The element structure of Error object in the above table is as follows:
| Field | Types | Description |
|---|---|---|
| root_cause | List<Error> | Root cause |
| caused_by | Error | Specific cause |
| type | String | Error type |
| reason | String | Error reason |
Example
- Request example
Text
1POST /my-index/_async_search HTTP/1.1
2Host: bls-log.bj.baidubce.com
3Authorization:bce-auth-v1/18717522d39411e9b721df098b0b908c/2019-09-10T07:00:20Z/1800/content-type;host;x-bce-date;x-bce-request-id/6a7cb6c9ac7ec156c805e55e7d0bcfc443b47feee97cf099c1c0d93a0b4c8304
4Content-Type: application/json; charset=utf-8
5{
6 // Required: Elasticsearch query syntax. Refer to the description below for supported syntax
7 "query": {
8 "bool": {
9 "filter": [
10 {
11 "range": {
12 "@timestamp": {
13 "format": "strict_date_optional_time",
14 "gte": "2025-08-01T04:18:44.642Z",
15 "lte": "2025-08-01T06:18:44.642Z"
16 }
17 }
18 }
19 ]
20 }
21 },
22 // Optional: Elasticsearch aggregation syntax. Refer to the description below for supported syntax
23 "aggs": {
24 "0": {
25 "terms": {
26 "field": "level",
27 "order": {
28 "_count": "desc"
29 },
30 "size": 3
31 },
32 "aggs": {
33 "1": {
34 "date_histogram": {
35 "field": "@timestamp",
36 "fixed_interval": "30m",
37 }
38 }
39 }
40 }
41 },
42 // Field list in response: All fields by default
43 "fields": [
44 {
45 "field": "*",
46 "include_unmapped": "true"
47 }
48 ],
49 // Optional: Sorting: Currently, only sorting by timestamp is supported; sorted in descending order of time by default
50 "sort": [
51 {
52 "timestamp": {
53 "order": "desc",
54 }
55 }
56 ],
57 // Optional: Next-page cursor: Currently, only the first element of the array is supported. Queries start from the first entry at the specified time by default
58 "searchAfter": [
59 "CJPphaWXMxCMgNz4haWXMxj0Aw"
60 ]
61 // Highlight configuration: Optional
62 "highlight": {
63 // Optional: Prefix identifier for highlight: Default is @kibana-highlighted-field@
64 "pre_tags": [
65 "@kibana-highlighted-field@"
66 ],
67 // Optional: Suffix identifier for highlight: Default is @/kibana-highlighted-field@
68 "post_tags": [
69 "@/kibana-highlighted-field@"
70 ]
71 }
72 // Optional: Number of matching logs to return: Default is 1000
73 "size": 20
74}- Response example
Text
1HTTP/1.1 204
2Content-Type: application/json; charset=utf-8
3X-Bce-Request-Id: 2eeba101-4cc7-4cfe-b5ac-a3be8d060e33
4Date: Fri, 10 Apr 2020 04:42:37 GMT
5// Success example
6{
7 // Query start time
8 "start_time_in_millis": 1696324475123,
9 // Query end time
10 "expiration_time_in_millis": 1696929275123,
11 // Response body
12 "response": {
13 // Query duration
14 "took": 132,
15 // Whether timeout occurred
16 "timed_out": false,
17 // Query shard status
18 "_shards": {
19 // Total number of shards queried: Currently fixed at 1
20 "total": 1,
21 // Number of successful shards
22 "successful": 1,
23 // Number of skipped shards
24 "skipped": 0,
25 // Number of failed shards
26 "failed": 0
27 },
28 // Query match results
29 "hits": {
30 // Specific log record information: One element represents one log record
31 "hits": [
32 {
33 // Project and logstore information: For non-default projects, the format is ProjectName$LogStoreName; for the default project, only the logstore name is displayed
34 "_index": "project$logstore",
35 // Logstore record ID: Composed of offset and timestamp
36 "_id": "1758596174317#28812839737868314",
37 // Score: Currently fixed at 0
38 "_score": 0,
39 // Sort field: Used to retrieve the next page
40 "sort": [
41 "CJPphaWXMxCMgNz4haWXMxj0Aw"
42 ],
43 // Version: Currently fixed at 1
44 "_version": 1
45 // Logstore field information
46 "fields": {
47 // Time field
48 "@timestamp": [
49 "2025-09-23T03:32:48.750Z"
50 ],
51 // Index field caller
52 "caller": [
53 "middleware/log_request.go:47"
54 ],
55 // Index field ip
56 "ip": [
57 "10.164.105.42"
58 ],
59 }
60 }
61 ]
62 },
63 // Log aggregation information
64 "aggregations": {
65 // First bucket aggregation information
66 "0": {
67 "buckets": [
68 {
69 // Second bucket aggregation information
70 "1": {
71 "buckets": [
72 {
73 // Total number of logs in this bucket
74 "doc_count": 66626,
75 // Name of the first bucket
76 "key": 1758508200000,
77 // String information
78 "key_as_string": "2025-09-22T02:30:00.000+00:00"
79 },
80 {
81 "doc_count": 189923,
82 "key": 1758510000000,
83 "key_as_string": "2025-09-22T03:00:00.000+00:00"
84 },
85 ]
86 },
87 // Number of matching logs in the second bucket
88 "doc_count": 9185770,
89 // Name of the second bucket
90 "key": "info"
91 },
92 {
93 "1": {
94 "buckets": [
95 {
96 "doc_count": 31945,
97 "key": 1758508200000,
98 "key_as_string": "2025-09-22T02:30:00.000+00:00"
99 },
100 {
101 "doc_count": 84637,
102 "key": 1758510000000,
103 "key_as_string": "2025-09-22T03:00:00.000+00:00"
104 }
105 ]
106 },
107 "doc_count": 4093518,
108 "key": "warn"
109 }
110 ],
111 // Number of error documents
112 "doc_count_error_upper_bound": 0,
113 // Number of other documents
114 "sum_other_doc_count": 565
115 }
116 }
117 }
118}
119// Exception example
120{
121 "error": {
122 "root_cause": [
123 {
124 "type": "status_exception",
125 "reason": "exist stat aggregations syntax not support",
126 }
127 ],
128 "caused_by": {
129 "type": "search_phase_execution_exception",
130 "reason": "all shards failed"
131 "caused_by": {
132 "type": "parse_exception",
133 "reason": "exist stat aggregations syntax not support"
134 }
135 }
136 "type": "status_exception",
137 "reason": "error while executing search"
138 },
139 "status": 500
140}