ElasticSearch on AWS EC2


My project has Elasticsearch running on a few EC2 machines.
I want to do 2 things:

  1. Check ES queries executed in the last 5 minutes or 1 hour.
  2. Have a tool where I can run SQL on top of Elasticsearch.
    If a user is from a SQL background, this will help them use data in Elasticsearch without learning ES query syntax.

Could you please help?


  1. You need to monitor that by yourself. Or use the audit log (but I think it's available only with a trial or commercial license).
  2. There's a SQL endpoint in Elasticsearch. See SQL | Elasticsearch Guide [8.2] | Elastic

Thanks... I tried and was able to connect using "Elasticsearch-sql-cli.bat http://username:password@hostname:8080" (actual credentials are not shown here).

Once I was at the sql prompt, I ran the commands "show tables" and "select * from tablename".
I am unable to get the data back. I am getting this error. Could you please help?
I tried to check in blogs but I didn't find the actual root cause and the fix I need to do.
Is it because I may not have POST access? This is the 1st time I am trying POST in the project account.
I can run GET from Postman and curl.

sql> show tables;
Communication error [Cannot POST address http://hostname:8080/_xpack/sql?error_trace (Can't parse error from Elasticsearch [Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')] at [line 1 col 1]. Response:

403 Forbidden

403 Forbidden

nginx/1.10.3 (Ubuntu) )]

