Querying ElasticSearch

We support two flavors of ElasticSearch queries: Lucene/string-style queries (as in Kibana) and the more elaborate JSON-based queries. For the former, create a data source of type Kibana; for the latter, create a data source of type ElasticSearch.

String query example:

  • Query the index named "twitter"
  • Filter by "user:kimchy"
  • Return the fields: "@timestamp", "tweet" and "user"
  • Return up to 15 results
  • Sort by @timestamp ascending

{
    "index" : "twitter",
    "query" : "user:kimchy",
    "fields" : ["@timestamp", "tweet", "user"],
    "size" : 15,
    "sort" : "@timestamp:asc"
}

Simple query on a logstash ElasticSearch instance:

  • Query the indices matching "logstash-2015.04.*" (in this case, all of April 2015)
  • Filter by type:events AND eventName:UserUpgrade AND channel:selfserve
  • Return the fields: "@timestamp", "userId", "channel", "utm_source", "utm_medium", "utm_campaign", "utm_content"
  • Return up to 250 results
  • Sort by @timestamp ascending

{
    "index" : "logstash-2015.04.*",
    "query" : "type:events AND eventName:UserUpgrade AND channel:selfserve",
    "fields" : ["@timestamp", "userId", "channel", "utm_source", "utm_medium", "utm_campaign", "utm_content"],
    "size" : 250,
    "sort" : "@timestamp:asc"
}

JSON document query on an ElasticSearch instance:

  • Query the index named "twitter"
  • Filter by user equal to "kimchy"
  • Return the fields: "@timestamp", "tweet" and "user"
  • Return up to 15 results
  • Sort by @timestamp ascending

{
    "index" : "twitter",
    "query" : {
        "match" : {
            "user" : "kimchy"
        }
    },
    "fields" : ["@timestamp", "tweet", "user"],
    "size" : 15,
    "sort" : "@timestamp:asc"
}
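The three examples above differ in one way that matters when a query is assembled from values a user typed into a dashboard parameter: in the string flavor the value becomes Lucene syntax (so "kimchy OR *" widens the filter to every document), while in the JSON flavor the value inside a match clause is plain data. The following added Python example (not Redash's own code) builds both query shapes for the examples on this page, escapes caller-supplied values for the string flavor, restricts field and index names to a safe character set, and shows one plausible mapping of a query object onto an Elasticsearch _search request. The to_search_request mapping is an assumption about the public REST API shape, not a description of how Redash translates queries internally.

```python
import json
import re

# Added illustration; not Redash's implementation.

# Characters that carry syntax in Lucene / query_string queries. A caller-supplied
# value containing them would otherwise be parsed as operators, wildcards, ranges
# or field selectors instead of as a literal term. Whitespace is escaped too, so
# a value with spaces stays a single term instead of becoming several.
_LUCENE_SPECIAL = re.compile(r'(&&|\|\||[+\-=!(){}\[\]^"~*?:\\/\s])')

# '<' and '>' cannot be escaped in query_string syntax at all, so they are dropped.
_UNESCAPABLE = str.maketrans("", "", "<>")

# Field names and index patterns are interpolated into the query string as well,
# so they are restricted to a conservative character set rather than escaped.
_FIELD_RE = re.compile(r"^[A-Za-z0-9_@.]+$")
_INDEX_RE = re.compile(r"^[A-Za-z0-9_.*-]+$")


def lucene_escape(value: str) -> str:
    """Return value escaped so that it matches literally inside a query string."""
    return _LUCENE_SPECIAL.sub(r"\\\1", value.translate(_UNESCAPABLE))


def _check(pattern, name, what):
    """Reject names that fall outside the allowed character set."""
    if not pattern.match(name):
        raise ValueError(f"invalid {what}: {name!r}")
    return name


def build_string_query(index, filters, fields, size=15, sort="@timestamp:asc"):
    """Lucene/string-style query object, as used with a data source of type Kibana.
    filters maps field name -> literal value; clauses are joined with AND."""
    clauses = [
        f"{_check(_FIELD_RE, field, 'field name')}:{lucene_escape(str(value))}"
        for field, value in filters.items()
    ]
    return {
        "index": _check(_INDEX_RE, index, "index pattern"),
        "query": " AND ".join(clauses),
        "fields": list(fields),
        "size": int(size),
        "sort": sort,
    }


def build_json_query(index, filters, fields, size=15, sort="@timestamp:asc"):
    """JSON (query DSL) style object, as used with a data source of type ElasticSearch.
    Values sit inside a match clause as data, not syntax, so no escaping is needed.
    A single filter reproduces the page's example; several are combined with bool/must."""
    clauses = [{"match": {_check(_FIELD_RE, f, "field name"): v}} for f, v in filters.items()]
    if not clauses:
        query = {"match_all": {}}
    elif len(clauses) == 1:
        query = clauses[0]
    else:
        query = {"bool": {"must": clauses}}
    return {
        "index": _check(_INDEX_RE, index, "index pattern"),
        "query": query,
        "fields": list(fields),
        "size": int(size),
        "sort": sort,
    }


def to_search_request(q):
    """Map a query object onto an Elasticsearch _search request as (path, body).
    Assumption: this mirrors the public REST API shape; Redash's own translation
    may differ in detail."""
    sort_field, _, order = q["sort"].partition(":")
    if isinstance(q["query"], str):
        query = {"query_string": {"query": q["query"]}}
    else:
        query = q["query"]
    body = {
        "query": query,
        "_source": q["fields"],
        "size": q["size"],
        "sort": [{sort_field: {"order": order or "asc"}}],
    }
    return f"/{q['index']}/_search", body


if __name__ == "__main__":
    # Constructed sample input: a value that would change the query's meaning if
    # it were pasted into the string flavor unescaped.
    q = build_string_query("twitter", {"user": "kimchy OR *"}, ["@timestamp", "tweet", "user"])
    print(json.dumps(q, indent=2))
    print(json.dumps(to_search_request(q)[1], indent=2))
```

When a dashboard parameter has to feed a Kibana-type data source, run it through lucene_escape before interpolation; when it feeds an ElasticSearch-type data source, prefer putting it inside a match or term clause, where no escaping is required. Either way, keep field and index names out of user control or validate them against an allow-list as above.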
