My problem is that I have just a basic license, no alerts, and this is my personal project so there is no option to buy a better license. I can do PHP/Bash scripts but the problem is about the query… KQL and doing some searches in Kibana is nice and easy, but it looks like curl for ES uses a different query.
How do I deal with that? Can I somehow do a query using crontab every 10 minutes to query ES for the last 10 minutes? Best would be using the Discover queries already created in Kibana; if it returns something for the last 10 minutes I can deal with it in the script. Is it possible to curl ES for such a Discover query from Kibana, or something else that will easily solve such a problem?
GET /_search
{
  "query": {
    "query_string": {
      "query": "city:((new york city) OR (big apple))",
      "default_field": "*"
    }
  }
}
Use the Simple query string query. Its syntax is more limited than the Lucene query string query and it does not return errors for invalid syntax. Instead, it ignores any invalid parts of the query string.
Use the Elasticsearch SQL CLI
It lets you write an SQL query and return data in JSON, CSV or TEXT format.
./bin/elasticsearch-sql-cli ...
Use the Elasticsearch SQL API with curl or any http client. You'll need to take care of the pagination in case the query returns more than one page.
It lets you write an SQL query and return data in JSON, CSV or TEXT format.
POST /_sql?format=txt
{
  "query": "SELECT * FROM library ORDER BY page_count DESC LIMIT 5"
}
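The cron-driven polling the question asks about, as an added example that is not part of the thread: a POSIX shell script that wraps the query_string search above in a bool query with a range filter on the last 10 minutes, runs it with curl, and exits non-zero when anything matched. The Lucene syntax that query_string accepts is the same one Kibana's query bar uses with KQL switched off, so a Discover search written that way can be pasted into ES_QUERY. Assumed names: ES_URL, ES_INDEX, ES_QUERY, an @timestamp field, and the placeholder path /usr/local/bin/es-poll.sh.

```shell
#!/bin/sh
# Assumptions (not from the thread): ES at $ES_URL, index pattern $ES_INDEX,
# documents carry "@timestamp", and $ES_QUERY holds a Lucene query string
# without unescaped double quotes (they would break the JSON built below).
ES_URL="${ES_URL:-http://localhost:9200}"
ES_INDEX="${ES_INDEX:-logs-*}"
ES_QUERY="${ES_QUERY:-event.outcome:failure AND user.name:root}"

# Build the request body: the saved-search text goes into query_string, the
# range filter bounds it to the last $2 (ES date math, e.g. 10m), size 0
# skips the documents and track_total_hits gives an exact count.
build_body() {
    printf '{"size":0,"track_total_hits":true,"query":{"bool":{"must":{"query_string":{"query":"%s","default_field":"*"}},"filter":{"range":{"@timestamp":{"gte":"now-%s","lt":"now"}}}}}}' "$1" "$2"
}

# Pull hits.total.value out of the response with sed (no jq dependency).
# Prints 0 when the field is absent, e.g. on an error response.
count_hits() {
    n=$(printf '%s' "$1" | sed -n 's/.*"total":{"value":\([0-9]*\).*/\1/p')
    printf '%s\n' "${n:-0}"
}

# Run the search for the last 10 minutes and print the match count.
poll() {
    body=$(build_body "$ES_QUERY" 10m)
    resp=$(curl -sS -H 'Content-Type: application/json' \
        "$ES_URL/$ES_INDEX/_search" -d "$body") || return 2
    count_hits "$resp"
}

# Crontab line to run this every 10 minutes (placeholder path):
#   */10 * * * * /usr/local/bin/es-poll.sh run
# Exit 1 on matches so a wrapper or cron mail can act; 2 on a failed request.
if [ "${1:-}" = "run" ]; then
    hits=$(poll) || exit 2
    if [ "$hits" -gt 0 ]; then
        echo "ALERT: $hits matching events in the last 10 minutes"
        exit 1
    fi
    echo "OK: no matches in the last 10 minutes"
fi
```

Because the range uses now-10m at request time, the cron interval and the window should match, or use a slightly larger window if late-arriving documents matter more than duplicate notifications.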
Hmm, but these SQL functions are in X-Pack, and I have this free basic license, so can I use it or not? I thought that if something is in X-Pack it is paid.