Representing a Kibana query in a REST, curl form

礼貌的吻别 2020-12-29 07:04

I have a Kibana server in a classic ELK configuration, querying an Elasticsearch instance.

I use the Kibana console to execute sophisticated queries on elasticsearc

3 answers
  •  有刺的猬
    2020-12-29 07:54

    At the bottom of your visualization, there is a small caret you can click in order to view more details about the underlying query:

    Then you can click on the "Request" button in order to view the underlying query, which you can copy/paste and do whatever suits you with it.

    UPDATE

    Then you can copy/paste the query from the "Request" textarea and simply paste it in a curl like this:

    curl -XPOST localhost:9200/your_index/your_type/_search -d '{
      "query": {
        "filtered": {
          "query": {
            "query_string": {
              "analyze_wildcard": true,
              "query": "blablabla AND blablabla"
            }
          },
          "filter": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": 1439762400000,
                      "lte": 1439848799999
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      },
      "highlight": {
        "pre_tags": [
          "@kibana-highlighted-field@"
        ],
        "post_tags": [
          "@/kibana-highlighted-field@"
        ],
        "fields": {
          "*": {}
        }
      },
      "size": 420,
      "sort": {
        "@timestamp": "desc"
      },
      "aggs": {
        "2": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "30m",
            "pre_zone": "+02:00",
            "pre_zone_adjust_large_interval": true,
            "min_doc_count": 0,
            "extended_bounds": {
              "min": 1439762400000,
              "max": 1439848799999
            }
          }
        }
      },
      "fields": [
        "*",
        "_source"
      ],
      "script_fields": {},
      "fielddata_fields": [
        "@timestamp"
      ]
    }'
    

    You may need to tweak a few things (like pre/post highlight tags, etc.).
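Added example (not part of the original answer): a Python helper that turns a body copied from Kibana's "Request" panel into a curl command line, dropping the Kibana-only highlight block and quoting the payload so that a query containing a single quote cannot break out of the `-d` argument. The function name `kibana_request_to_curl`, its `drop_keys` parameter and the sample body are assumptions made for illustration; the URL is the placeholder from the answer.

```python
import json
import shlex

# Constructed sample standing in for text copied from Kibana's "Request" panel.
# The query value contains a single quote, which would end a hand-written -d '...' early.
SAMPLE_PASTE = json.dumps({
    "query": {"query_string": {"analyze_wildcard": True,
                               "query": "msg:can't AND level:error"}},
    "highlight": {"pre_tags": ["@kibana-highlighted-field@"],
                  "post_tags": ["@/kibana-highlighted-field@"],
                  "fields": {"*": {}}},
    "size": 420,
    "sort": {"@timestamp": "desc"},
})

def kibana_request_to_curl(pasted, url="localhost:9200/your_index/your_type/_search",
                           drop_keys=("highlight",)):
    """Return a shell-safe curl command line for a pasted Kibana request body."""
    # json.loads raises ValueError on a truncated or mangled paste,
    # so a broken body is caught before anything is sent.
    body = json.loads(pasted)
    if not isinstance(body, dict):
        raise ValueError("expected a JSON object as the request body")
    # Remove Kibana-only display settings such as the highlight tags.
    for key in drop_keys:
        body.pop(key, None)
    payload = json.dumps(body, separators=(",", ":"))
    argv = ["curl", "-sS", "-XPOST", url,
            # Elasticsearch 6.0 and later reject bodies sent without this header.
            "-H", "Content-Type: application/json",
            "-d", payload]
    # shlex.quote escapes quotes, $, backticks and spaces for a POSIX shell.
    return " ".join(shlex.quote(arg) for arg in argv)

if __name__ == "__main__":
    print(kibana_request_to_curl(SAMPLE_PASTE))
```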
