Get Kibana queries to execute them later directly into ElasticSearch

We've been using Kibana (v6.4) for a while and found a way of integrating the application as an Iframe in our web application.

We got a new requirement where the user saves a "Search" and then we reuse the results of that search for internal tasks.

I saw the Kibana Object API, and I can retrieve the searches a user has stored, but it returns a result like:

    {
        "id": "2e3fd100-3618-11e9-a719-419d60b7873d",
        "type": "search",
        "updated_at": "2019-02-21T20:35:09.456Z",
        "version": 1,
        "attributes": {
            "title": "Carlos Search",
            "description": "",
            "hits": 0,
            "columns": [
                "billingProduct"
            ],
            "sort": [
                "createdOn",
                "desc"
            ],
            "version": 1,
            "kibanaSavedObjectMeta": {
                "searchSourceJSON": "{\"index\":\"e8ec21c0-f996-11e8-950b-03302d77bc99\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"e8ec21c0-f996-11e8-950b-03302d77bc99\",\"type\":\"phrase\",\"key\":\"eventStatus\",\"value\":\"DELIVRD\",\"params\":{\"query\":\"DELIVRD\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"eventStatus\":{\"query\":\"DELIVRD\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
            }
        }
    }

If I want to use the searchSourceJSON directly into ElasticSearch it needs to be modified and still it doesn't have all the filters / Columns the user used when saving the "Search".

Is there a way to get the queries that Kibana executes when searching to be reused later on directly onto ElasticSearch?

There isn't any way unless you do a MITM and intercept the request made to the Elasticsearch server. You can see the actual requests manually in the Dev Tools of your browser when loading a saved search.

I think there is a way to do this. It is how I take my Kibana queries and convert them to watcher searchers.
In version 6.5 and lower you can run your Kibana query and then under the histogram there is a little arrow on the left. Click that and you'll have options for Table, Request, Response, and Statistics. If you click on Request you'll see the JSON behind your query.

In version 6.6 (and newer?) you can run your kibana query and then click Inspect in the top bar of kibana.
This will open a new box within kibana. Click the Request tab and then the json for your query will be in there.


In v6.6 (and newer?) there is a lot of extra formatting in the json so you'll have to sort through some of the json to cut out the parts you won't need.

Hope that helps!

Thanks, that's pretty much what I need, but in a programmatic way. Is there a way to do it? Like taking it from the back end and sending the query to Elastic?

I've never tried but perhaps this thread will give you some ideas?
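
One way to do the conversion on the back end, as an added example that is not from any poster in this thread and is not Kibana's own code: it turns a saved-search object shaped like the one in the question into an Elasticsearch request body. Assumptions: `build_search` and `migrate` are hypothetical names, the legacy `"type": "phrase"` match clause has to be rewritten as `match_phrase`, the `index` value is an index-pattern saved-object id that still has to be resolved to the real index name, and the extras Kibana adds at query time (time range, highlighting) are not reproduced.

```python
import json

# Constructed sample, trimmed from the saved object in the question.
SAVED_SEARCH = {"attributes": {
    "columns": ["billingProduct"],
    "sort": ["createdOn", "desc"],
    "kibanaSavedObjectMeta": {"searchSourceJSON": json.dumps({
        "index": "e8ec21c0-f996-11e8-950b-03302d77bc99",
        "query": {"language": "lucene", "query": ""},
        "filter": [{
            "meta": {"negate": False, "disabled": False, "type": "phrase"},
            "query": {"match": {"eventStatus": {"query": "DELIVRD", "type": "phrase"}}},
            "$state": {"store": "appState"},
        }],
    })},
}}

def migrate(clause):
    """Rewrite {"match": {field: {"type": "phrase", ...}}} as match_phrase."""
    match = clause.get("match")
    if isinstance(match, dict) and len(match) == 1:
        (field, params), = match.items()
        if isinstance(params, dict) and params.get("type") == "phrase":
            rest = {k: v for k, v in params.items() if k != "type"}
            return {"match_phrase": {field: rest}}
    return clause

def build_search(saved):
    """Return (index_pattern_id, request_body) for a saved-search object."""
    attrs = saved["attributes"]
    src = json.loads(attrs["kibanaSavedObjectMeta"]["searchSourceJSON"])
    q = src.get("query") or {}
    if q.get("language", "lucene") != "lucene":
        raise ValueError("only lucene query-bar input is handled here")
    text = q.get("query", "")
    bool_q = {"must": [{"query_string": {"query": text}} if text.strip()
                       else {"match_all": {}}], "filter": [], "must_not": []}
    for f in src.get("filter", []):
        meta = f.get("meta", {})
        if meta.get("disabled"):
            continue  # filters switched off in the UI are stored but not applied
        clause = {k: v for k, v in f.items() if k not in ("meta", "$state")}
        clause = migrate(clause.get("query", clause))  # unwrap the "query" wrapper
        bool_q["must_not" if meta.get("negate") else "filter"].append(clause)
    body = {"query": {"bool": bool_q}}
    sort = attrs.get("sort") or []
    if len(sort) == 2:  # stored as [field, direction]
        body["sort"] = [{sort[0]: {"order": sort[1]}}]
    if attrs.get("columns") not in (None, [], ["_source"]):
        body["_source"] = attrs["columns"]
    return src["index"], body
```
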
