Representing a Kibana query in a REST, curl form
I have a Kibana server in a classic ELK configuration, querying an Elasticsearch instance.
I use the Kibana console to execute sophisticated queries on elasticsearch. I would like to use some of these queries in the command linem using cURL or any other http tool.
How can I convert a Kibana search into a direct, cURL-like REST call to elasticsearch?
Answer
At the bottom of your visualization, there is a small caret you can click in order to view more details about the underlying query:
Then you can click on the "Request" button in order to view the underlying query, which you can copy/paste and do whatever suits you with it.
UPDATE
Then you can copy/paste the query from the "Request" textarea and simply paste it in a curl like this:
curl -XPOST localhost:9200/your_index/your_type/_search -d '{
"query": {
"filtered": {
"query": {
"query_string": {
"analyze_wildcard": true,
"query": "blablabla AND blablabla"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1439762400000,
"lte": 1439848799999
}
}
}
],
"must_not": []
}
}
}
},
"highlight": {
"pre_tags": [
"@kibana-highlighted-field@"
],
"post_tags": [
"@/kibana-highlighted-field@"
],
"fields": {
"*": {}
}
},
"size": 420,
"sort": {
"@timestamp": "desc"
},
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"interval": "30m",
"pre_zone": "+02:00",
"pre_zone_adjust_large_interval": true,
"min_doc_count": 0,
"extended_bounds": {
"min": 1439762400000,
"max": 1439848799999
}
}
}
},
"fields": [
"*",
"_source"
],
"script_fields": {},
"fielddata_fields": [
"@timestamp"
]
}'
You may need to tweak a few stuff (like pre/post highlight tags, etc)