Representing a Kibana query in a REST, curl form

礼貌的吻别 2020-12-29 07:04

I have a Kibana server in a classic ELK configuration, querying an Elasticsearch instance.

I use the Kibana console to execute sophisticated queries on elasticsearc

3 Answers
  • 2020-12-29 07:39

    In case you are online using a Chrome browser, you can go to your Kibana dashboard, open the developer console and write your query while having the Network tab open in the developer console. When you search for your query in the Kibana dashboard, you will see the request appear in the developer console. There you can "right click" and select "Copy as cURL", which will copy the curl command to your clipboard. Note that the credentials of your basic auth may be copied as well, so be careful where you paste it.

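The caution at the end of the answer above, as an added example (not code from the original answer): a Python function that strips credentials from a "Copy as cURL" command before it is pasted into a ticket, chat or script. The sample command, host name and credentials are constructed, and only curl's space-separated option forms (`-H 'Name: value'`, `-u user:pass`) are handled.

```python
import base64
import re
import shlex

SECRET_HEADERS = {"authorization", "proxy-authorization", "cookie"}
SECRET_OPTS = {"-u", "--user", "--proxy-user", "-b", "--cookie"}
USERINFO = re.compile(r"^(https?://)[^/@\s]+@")  # user:password@ inside the URL

# Constructed sample in the shape Chrome emits; host, path and login are made up.
SAMPLE = r"""curl 'https://kibana.example.internal/search' \
  -H 'Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==' \
  -H 'Content-Type: application/json' \
  --data-raw '{"query":{"query_string":{"query":"this AND that"}}}' \
  --compressed"""

def describe_header(name, value):
    """Name the finding; Basic auth is only base64, so the user is recoverable."""
    scheme, _, cred = value.strip().partition(" ")
    if name.lower() == "authorization" and scheme.lower() == "basic":
        try:
            user = base64.b64decode(cred).decode("utf-8", "replace").split(":", 1)[0]
            return f"header {name} (Basic, user {user!r})"
        except ValueError:  # malformed base64: still redact, just report less
            pass
    return f"header {name}"

def redact_curl(command):
    """Return (redacted command, findings) for a copied curl command line."""
    # shlex does not treat backslash-newline as a continuation; join lines first.
    tokens = shlex.split(command.replace("\\\n", " "))
    out, found, it = [], [], iter(tokens)
    for tok in it:
        if tok in ("-H", "--header"):
            arg = next(it, "")
            name, _, value = arg.partition(":")
            if name.strip().lower() in SECRET_HEADERS:
                found.append(describe_header(name.strip(), value))
                arg = f"{name.strip()}: <REDACTED>"
            out += [tok, arg]
        elif tok in SECRET_OPTS:
            next(it, None)  # drop the credential argument itself
            found.append(f"option {tok}")
            out += [tok, "<REDACTED>"]
        elif USERINFO.match(tok):
            found.append("URL userinfo")
            out.append(USERINFO.sub(r"\1<REDACTED>@", tok))
        else:
            out.append(tok)
    return shlex.join(out), found
```

When the redacted command is reused, the credential can be supplied at run time instead, for example with curl's `--netrc` option or by passing `-u user` alone so that curl prompts for the password.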
  • 2020-12-29 07:54

    At the bottom of your visualization, there is a small caret you can click in order to view more details about the underlying query:

    Then you can click on the "Request" button in order to view the underlying query, which you can copy/paste and do whatever suits you with it.

    UPDATE

    Then you can copy/paste the query from the "Request" textarea and simply paste it in a curl like this:

    curl -XPOST localhost:9200/your_index/your_type/_search -d '{
      "query": {
        "filtered": {
          "query": {
            "query_string": {
              "analyze_wildcard": true,
              "query": "blablabla AND blablabla"
            }
          },
          "filter": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": 1439762400000,
                      "lte": 1439848799999
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      },
      "highlight": {
        "pre_tags": [
          "@kibana-highlighted-field@"
        ],
        "post_tags": [
          "@/kibana-highlighted-field@"
        ],
        "fields": {
          "*": {}
        }
      },
      "size": 420,
      "sort": {
        "@timestamp": "desc"
      },
      "aggs": {
        "2": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "30m",
            "pre_zone": "+02:00",
            "pre_zone_adjust_large_interval": true,
            "min_doc_count": 0,
            "extended_bounds": {
              "min": 1439762400000,
              "max": 1439848799999
            }
          }
        }
      },
      "fields": [
        "*",
        "_source"
      ],
      "script_fields": {},
      "fielddata_fields": [
        "@timestamp"
      ]
    }'
    

    You may need to tweak a few things (like pre/post highlight tags, etc.)

  • 2020-12-29 07:57

    Another option would be to query Elasticsearch using Lucene queries (same syntax Kibana uses) using the ES search API query_string queries:

    https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html

    Taken from one of the doc examples, you would query ES using something like this:

    GET /_search
    {
        "query": {
            "query_string" : {
                "default_field" : "content",
                "query" : "this AND that OR thus"
            }
        }
    }
    