Geek Answers Handbook

Kibana request representation in REST, curl form

I have a Kibana server in the classic ELK requesting an instance of Elasticsearch .

I use the Kibana console to execute complex queries in elasticsearch. I would like to use some of these queries on the command line using cURL or any other http tool.

How to convert a Kibana search to a direct, cURL-like REST call for elasticsearch ?

+9
rest curl elasticsearch kibana
source share
4 answers

At the bottom of your visualization there is a small caret that you can click to view more detailed information about the base query:

Show more info

Then you can click the "Request" button to view the basic request, which you can copy / paste and do whatever suits you.

enter image description here

UPDATE

Then you can copy / paste the request from the "Request" text box and simply paste it into the curl, for example:

curl -XPOST localhost:9200/your_index/your_type/_search -d '{ "query": { "filtered": { "query": { "query_string": { "analyze_wildcard": true, "query": "blablabla AND blablabla" } }, "filter": { "bool": { "must": [ { "range": { "@timestamp": { "gte": 1439762400000, "lte": 1439848799999 } } } ], "must_not": [] } } } }, "highlight": { "pre_tags": [ "@ kibana-highlighted-field@ " ], "post_tags": [ "@/ kibana-highlighted-field@ " ], "fields": { "*": {} } }, "size": 420, "sort": { "@timestamp": "desc" }, "aggs": { "2": { "date_histogram": { "field": "@timestamp", "interval": "30m", "pre_zone": "+02:00", "pre_zone_adjust_large_interval": true, "min_doc_count": 0, "extended_bounds": { "min": 1439762400000, "max": 1439848799999 } } } }, "fields": [ "*", "_source" ], "script_fields": {}, "fielddata_fields": [ "@timestamp" ] }'

You may need to configure several items (e.g. pre and post release tags, etc.)

+19
source share

If you use the Chrome browser, you can go to the Kibana toolbar, open the developer console and write your request, and the Network tab will open in the developer console. When you search for your request in the Kibana control panel, you will see that the request appears in the developer console. There you can right-click and select Copy as cURL , which will copy the curl command to your clipboard. Please note that the credentials of your main file may be copied. So be careful when you insert it.

+8
source share

Another option is an Elastic Search query using lucene queries (the same syntax that Kibana uses) using query_string ES search API queries:

https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html

Taken from one example document, you would query ES using something like this:

 GET /_search { "query": { "query_string" : { "default_field" : "content", "query" : "this AND that OR thus" } } }
+1
source share

No longer exists on 6.6 :(

0
source share

More articles:


All Articles