Constructing a Request Using Kibana Saved Search Information

Elastic Stack Kibana
2

Hi @JoeyMarinello,

first off, I want to point out that the way Kibana stores saved searches can and
will change in the future and does not constitute a stable api for external
use. :wink:

If you still want to go ahead, I can give some pointers:

  • the columns field contains the columns displayed
  • the sort field contains the sorting criterion in the form [column, direction]
  • the kibanaSavedObjectMeta is a JSON-encoded string containing the index pattern, the filter and the query

From these information you could create a [query](https://www.elastic.co/guide/
en/elasticsearch/reference/current/search-request-body.html) that could roughly look
like this:

GET /${INDEX_PATTERN}/_search
{
  "query": {
    "bool": {
      "must": [
        ${QUERY_FROM_JSON}
        ...${FILTERS_FROM_JSON}
        {
          "range": {
            "@timestamp": {
              "gte": ${FROM_TIMESTAMP},
              "lte": ${TO_TIMESTAMP},
            }
          }
        }
      ]
    }
  },
  "sort": [
    {
      "${COLUMN}": { "order": "${DIRECTION}" }
    }
  ],
  "_source": [
    ...${COLUMNS}
  ]
}

The ${ABC}s are placeholders for the values extracted from the saved search
document. It's obviously just a rough outline that needs to be adapted to your
specific use case.

Also of interest might be to know that the ability to export discover query results as CSV without fiddling with requests yourself is being worked on and will be released as part of x-pack's reporting feature when done.

1 Like