I've got a saved object with a search result. I've managed to find that saved object through REST-APi with:
http://localhost:9200/.kibana/search// but the result I get is only the structure of the search-request, not the actual response-data. How do I get the response data from this saved object?
When you query the .kibana index for a search object, you'll get back a document that looks like:
If you look at the kibanaSavedObjectMeta.searchSourceJSON from a search object in the .kibana index:
$ http --auth kibana_user:11111111 localhost:9200/.kibana/search/d76780b0-c15e-11e6-b8ec-f58a80978e3d?filter_path=_source.kibanaSavedObjectMeta.searchSourceJSON
HTTP/1.1 200 OK
content-encoding: gzip
content-type: application/json; charset=UTF-8
transfer-encoding: chunked
{
"_source": {
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"tweets-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"_type:avocado\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
}
}
}
The next thing you would notice is that you can't exactly just clean up the string into JSON and pass that in a request to Elasticsearch. This is because some of the fields, other than query are used for the Elasticsearch proxy built into Kibana.
What you really want instead of "the response data from the saved object" is to make a request directly to Elasticsearch with a query. Kibana throws in some parameters to help rendering the search into a UI (for example, highlighting, always allowing wildcard) which most of the time you probably don't need. The searchSourceJSON in my data can be simplified into this ES query:
GET tweets-*/_search
{
"query": {
"query_string": {
"query": "_type:avocado"
}
}
}
If you want to see what the actual query from a saved search looks like, you can also use the Spy panel in Kibana:
But if I have to construct a completely new request, there is no use for my saved one. Wouldn't it be nice if for example management could design the searches they want, and me as a developer just could access that search through the REST-API and use the result.
Another thing that I haven't succeded with yet is to use aggs in my REST-requests. Is that possible?
Not in the:
GET tweets-*/_search
{
"query": {
"query_string": {
"query": "_type:avocado"
}
}
}
-format, I want it in:
http://localhost:9200/monitor/_search?q=activityName=beslut
-format to be able to work further with it.
Saved objects have a use: Kibana uses them for searches and visualizations.
Getting the data directly out of the .kibana index isn't really using a "REST API". You're using the Elasticsearch search API to get data that's managed by Kibana, and you're trying to go around Kibana to get it.
The ideal way to get the search is to use the "Request" out of the Spy panel like I showed you,
If you want to completely automate the developer from having to do anything, you could look into X-Pack Reporting, which would let your manager create a visualization and then a process runs in Elasticsearch that runs the query and renders the visualization periodically, and automatically emails your manager with a PDF 
I'm using the data I pull from ES in another application to do further calculations, so I'm afraid a pdf doesn't do it for me. 
I have no problem to search in the ES documents and pull the correct data, but I would like to do some mote advanced stuff like aggregations from my REST-request.
Getting the search source JSON converted into a usable query for Elasticsearch might be an interesting job for a Kibana plugin, but as far as I know, there are not plugins that will do that today.
I would like to do some mote advanced stuff like aggregations from my REST-request.
For now, it looks like the best way to move forward is to use the request out of the Spy panel and copy them into your other application to use. If you want the application to to more advanced kinds of queries and aggregations, you should probably spend some time reading about the search and aggregation features offered by Elasticsearch: Elasticsearch Guide [8.11] | Elastic
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.