Manually run kibana request or use kibana API?

nsur1 · November 3, 2017, 3:38pm

I have a visualization created in Kibana and I wanted to know if I can take the request that kibana sends to elastic search and run that request manually? Currently when I do that, elasticsearch throws exceptions. I would like to basically have a way to get a csv version of this visualization. I was assuming that there were two ways about this; one would be to run the request directly to elastic search to fetch the data, or, two, if there was a kibana api which I can call that exports the csv of this already created visualization.

Here is the request that causes elastic search to throw exceptions:

{
"query": {
"bool": {
  "must": [
    {
      "query_string": {
        "analyze_wildcard": true,
        "query": "*"
      }
    },
    {
      "range": {
        "@timestamp": {
          "gte": 1509681600000,
          "lte": 1509767999999,
          "format": "epoch_millis"
        }
      }
    }
  ],
  "must_not": []
}
},
"size": 0,
"_source": {
"excludes": []
},
"aggs": {
"3": {
  "terms": {
    "script": {
      "inline": "return doc['srcAS.asn'].value + '-' + doc['dstAS.asn'].value",
      "lang": "painless"
    },
    "size": 10,
    "order": {
      "2": "desc"
    },
    "valueType": "string"
  },
  "aggs": {
    "2": {
      "sum": {
        "field": "PacketSize",
        "script": "doc['PacketSize'].value * doc['SampleRate'].value * 0.000000000001"
      }
    }
  }
}
}
}

nsur1 · November 3, 2017, 3:54pm

I think it could be because I am running the request as:
curl -XGET "http://localhost:9200/_search?pretty" -d '{INSERT_QUERY_HERE}'
In the query, there are single quotes which conflict with the outer single quotes. What is the best way to resolve this?

nsur1 · November 3, 2017, 4:01pm

I was able to resolve the thrown exceptions problem by changing the single quotes with the escape character and a double quotes. Just curious though, is there still an API that I can call to export the csv data of my visualizations?

weltenwort · November 3, 2017, 4:15pm

Hi @nsur1,

glad to see you were able to resolve your problem. The ability to generate reports in the CSV format via the X-Pack reporting plugin will be part of the soon-to-come 6.0 release. They can be triggered via the UI, via a webhook or a watch (from X-Pack watcher).

system · December 1, 2017, 4:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.