Get Kibana queries to execute them later directly into ElasticSearch

Carlos_Lopez · February 22, 2019, 2:37pm

We've been using Kibana (v6.4) for a while and found a way of integrating the application as an Iframe in our web application.

We got a new requirement where the user saves a "Search" and then we reuse the results of that search for internal tasks.

I saw the Kibana Object API, and I can retrieve the searches an User has stored, but it returns a result like:

{
        "id": "2e3fd100-3618-11e9-a719-419d60b7873d",
        "type": "search",
        "updated_at": "2019-02-21T20:35:09.456Z",
        "version": 1,
        "attributes": {
            "title": "Carlos Search",
            "description": "",
            "hits": 0,
            "columns": [
                "billingProduct"
            ],
            "sort": [
                "createdOn",
                "desc"
            ],
            "version": 1,
            "kibanaSavedObjectMeta": {
                "searchSourceJSON": "{\"index\":\"e8ec21c0-f996-11e8-950b-03302d77bc99\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"e8ec21c0-f996-11e8-950b-03302d77bc99\",\"type\":\"phrase\",\"key\":\"eventStatus\",\"value\":\"DELIVRD\",\"params\":{\"query\":\"DELIVRD\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"eventStatus\":{\"query\":\"DELIVRD\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"
            }
        }
    }

If I want to use the searchSourceJSON directly into ElasticSearch it needs to be modified and still it doesn't have all the filters / Columns the user used when saving the "Search".

Is there a way to get the queries that Kibana executes when searching to be reused later on directly onto ElasticSearch?

Marius_Dragomir · February 22, 2019, 2:58pm

There isn't nay way unless you do a MITM and intercept the request done to the Elasticsearch server. You can see the actual requests manually in the Dev Tools of your browser when loading a saved search.

stiltz · February 22, 2019, 3:18pm

I think there is a way to do this. It is how I take my Kibana queries and convert them to watcher searchers.
In version 6.5 and lower you can run your kibana query and then under the histogram there is a little arrow on the left. Click that and you'll have options for Table, Request, Response, and Statistics . If you click on Request you'll see the json behind your query.

In version 6.6 (and newer?) you can run your kibana query and then click Inspect in the top bar of kibana.

This will open a new box within kibana. Click the Request tab and then the json for your query will be in there.

In v6.6 (and newer?) there is a lot of extra formatting in the json so you'll have to sort through some of the json to cut out the parts you won't need.

Hope that helps!

Carlos_Lopez · February 22, 2019, 3:56pm

Thanks, That's pretty much what I need, but in a programmatically way. Is there a way to do it? Like taking it from the back end and send the query to Elastic?

stiltz · February 22, 2019, 5:43pm

I've never tried but perhaps this thread will give you some ideas?

system · March 22, 2019, 5:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.