Grabbing objects from Kibana Saved Object Meta

Elastic Stack Kibana
1

Hello everyone!

I am working on a project that uses saved search objects in Kibana to construct queries to Elasticsearch queries. I have successfully been able to extract titles, columns, and sort details from saved search objects and inject them into a template query I am using to return raw data from the cluster - woot!

My last step in this project is snagging the "must" and "must not" objects used for filtering specific values from the KibanaSavedObjectMeta. I guess I'm currently stuck figuring out how to parse the "searchSourceJSON" into an object so I can grab the field values I need to filter on for each specific saved search. Could someone offer me some insight on how to correctly go about this?

Just for reference, this is the current template query I am building on using extracted objects

REQUEST BODY QUERY:
{
    "query": {
        "filtered": {
            "query": {
                "query_string": {
                    "analyze_wildcard": true,
                    "query": "*",
                    "lowercase_expanded_terms": false
                }
            },
            "filter": {
                "bool": {
                    "must": [
                    ],
                    "must_not": [
                    ]
                }
            }
        }
    },
    "size": 50000,
    "sort": [
    ],
    "_source": ["*"]
};

And a quick thank you to the Elastic team! Your documentation and personal replies have been incredibly helpful. Cheers to you all! :slight_smile:

2

What problems are you having with the filter values? Maybe you could share one you're not sure how to parse?

The gist is this; there are 3 ways that filters can be applied to a saved vis:

  • Query bar: This will show up as query.query_string. Anything the user types in the query bar at the top will be converted to an Elasticsearch query DSL for you, on that key, in the kibanaSavedObjectMeta.searchSourceJSON property.
  • Filter bar: This actually works similar, but it will add a filter property to kibanaSavedObjectMeta.searchSourceJSON, which again is simply the Elasticsearch query DSL that you can use directly.
  • Saved search: If your visualization was built on a saved search, then you won't have much in kibanaSavedObjectMeta.searchSourceJSON, besides any filters or query_string queries that have been applied. In this case, you will see a savedSearchId property with an ID that related to the saved search object. You can GET that record and use the kibanaSavedObjectMeta.searchSourceJSON from that object (merging it with any values in the visualization itself).

Hopefully that's helpful.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.