Learnitweb

Reading Documents in Elasticsearch

1. Getting a Document by ID

This is the simplest and fastest way to read data from Elasticsearch.

Syntax

GET /<index_name>/_doc/<document_id>

Example: Fetch a Book with ID = 3

GET /books/_doc/3

This is a simple GET request where:

  • books is the index name
  • _doc represents the document endpoint
  • 3 is the document ID

Response Explanation

You will get a response similar to this:

{
  "_index": "books",
  "_id": "3",
  "found": true,
  "_source": {
    "title": "Some Book",
    "author": "Some Author",
    "rating": 4.6
  }
}

Let’s understand what this means:

  • _index → The index where the document is stored
  • _id → The document’s unique ID
  • found: true → Confirms that the document exists
  • _source → The actual document data

This _source section is what we usually care about the most.

What If the Document Does Not Exist?

If you try to fetch a document using an ID that does not exist:

GET /books/_doc/99

You will receive:

{
  "_id": "99",
  "found": false
}

Along with an HTTP 404 status code.

This means:

  • The document does not exist
  • Elasticsearch handled the request correctly

Getting All Documents from an Index

Now let’s see how to retrieve all documents from the books index.

This is similar to running:

SELECT * FROM books;

in a relational database.

Request

GET /books/_search

Response Explanation

You will receive a response that looks something like this:

{
  "took": 1,
  "hits": {
    "total": {
      "value": 4
    },
    "hits": [
      { "_source": { ... } },
      { "_source": { ... } },
      { "_source": { ... } },
      { "_source": { ... } }
    ]
  }
}

Let’s break this down.

took

This tells how much time Elasticsearch took to process the request (in milliseconds).

Example:

"took": 1

This means the query took 1 millisecond.

hits.total.value

This shows the total number of matching documents.

In this case:

"value": 4

Meaning there are 4 documents in the index.

hits.hits

This array contains the actual documents.

Each entry inside it represents one document stored in the index.

Simple Search Using Text Values

Now let’s try something interesting.

Suppose you search for:

GET /books/_search?q=Lee

This will return documents where any field contains the word Lee.

It could match:

  • Author name
  • Title
  • Genre
  • Any text-based field

You do not need to explicitly mention which field to search.

Example Behavior

If a book has:

  • Author = “Harper Lee”

Then this document will be returned.

Searching with Other Values

If you search:

GET /books/_search?q=fiction

You will get all documents where any field contains the word fiction.

Similarly:

GET /books/_search?q=4.6

Will match documents where a numeric field contains that value.

Important Observation

At this point, Elasticsearch is performing a very broad search.

You are not telling it:

  • Which field to search
  • How to filter results
  • How to apply conditions

You are simply saying:

“Find anything that contains this value.”

This is why the results may sometimes feel unexpected — and that’s completely normal at this stage.