Hi, I'm using version 6.5 and have the following scenario:
(tl;dr: I need to get the raw elasticsearch query of saved searches. The exact query that is under inspect -> request in kibana)
In case of downtime in some of our services, we would like to restore the failed events using our logs.
For example, we would like to read millions of URIs from our logs and resend them, or read millions of Kafka messages (which we log) and re produce them to the relevant topic.
For that case, we want to be able to perform complicated searches in Kibana and then query elastic search in our code, get the relevant data, and re-fire the event.
I currently didn't find any way of getting the raw elasticsearch query of saved searches. Is there a way to do it?
Hello @Bat-Chen_Ozeri,
thanks for your question and welcome to our community.
Unfortunately there isn't an API to get the ES query directly from a saved search.
The request visualized in the inspector is the outcome of a various set of internal operation like parsing your filters, your query, pick the timerange, apply any kibana configuration like timezones and create the query.
to get the saved search object from kibana and create yourself an ES query out from that, but it can be a hard specially if you are using KQL/Kuery as query language.
If you want to experiment, you can also take a look at that package: https://github.com/elastic/kibana/tree/master/packages/kbn-es-query and use it to recreate the query. This is the underlaying package that takes filters and queries from the query/filter bar and generate the relative ES query.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.