Get data from visualize/ dashboard using the API

Elastic Stack Kibana
6

your mileage may vary = your experience may be different.

So basically I'm saying I didn't get those third-party plugins for CSV output to work, but I could have done something wrong and they may work just fine for someone else.

If I have this random visualization;

image.png1718×1361 55.5 KB

I click the arrow under the chart and then I see this;

image.png1259×1240 26.8 KB

Click the Request button (and optionally the expand icon circled in red);

image.jpg1229×720 61 KB

If I copy that query and go to the Kibana > Dev Tools > Console, I can paste it along with GET <my index pattern>/_search like this;

GET test4/_search
{
  "query": {
    "query_string": {
      "analyze_wildcard": true,
      "query": "*"
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "aggs": {
    "2": {
      "histogram": {
        "field": "number",
        "interval": 1,
        "min_doc_count": 1
      },
      "aggs": {
        "1": {
          "max": {
            "field": "count"
          }
        }
      }
    }
  }
}

and I get the results like in the data table of the visualization;

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 4,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "2": {
      "buckets": [
        {
          "1": {
            "value": 20
          },
          "key": 1,
          "doc_count": 1
        },
        {
          "1": {
            "value": 30
          },
          "key": 2,
          "doc_count": 1
        },
        {
          "1": {
            "value": 50
          },
          "key": 3,
          "doc_count": 1
        },
        {
          "1": {
            "value": 40
          },
          "key": 4,
          "doc_count": 1
        }
      ]
    }
  }
}

I can click the wrench in the Console to copy that query as curl;

image.png1045×309 31 KB

In my case, I need to add authentication and -k to ignore my invalid ssl certificate. The results are at the bottom.
You'll probably have to scroll over to see them;

$ curl -k -XGET "https://elastic:changeit@localhost:9200/test4/_search" -H 'Content-Type: application/json' -d'
{
  "query": {
    "query_string": {
      "analyze_wildcard": true,
      "query": "*"
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "aggs": {
    "2": {
      "histogram": {
        "field": "number",
        "interval": 1,
        "min_doc_count": 1
      },
      "aggs": {
        "1": {
          "max": {
            "field": "count"
          }
        }
      }
    }
  }
}'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   738  100   336  100   402   1953   2337 --:--:-- --:--:-- --:--:--  2337{"took":0,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":4,"max_score":0.0,"hits":[]},"aggregations":{"2":{"buckets":[{"key":1.0,"doc_count":1,"1":{"value":20.0}},{"key":2.0,"doc_count":1,"1":{"value":30.0}},{"key":3.0,"doc_count":1,"1":{"value":50.0}},{"key":4.0,"doc_count":1,"1":{"value":40.0}}]}}}

You could use any language or library that does http GET requests.

Hope this helps.

Regards,
Lee

8 Likes