I do my scripting in Python, usually using elasticsearch-dsl. I want to convert a simple query to PowerShell to share with some non-Python users.
If I could find a simple query that uses the scroll API, I could use it as a starting point, but all the examples I find seem to be unduly complicated.
Here's the central logic of my python:
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search

es = Elasticsearch()  # connection details were not shown in the original

# match + exists go into the query (must) clause, the date range into filter
s = Search(using=es, index='winlogbeat-*') \
    .query("match", source_name="MSExchange CmdletLogs") \
    .query("exists", field="event_data.param12") \
    .filter("range", **{'@timestamp': {'gte': 'now-24h/m', 'lt': 'now/m'}})

# scan() walks every hit via the scroll API
for hit in s.scan():
    if "needle" in hit["event_data"]["param12"]:
        ....
Basically, I need to do a text search on the param12 field, but it's stored as a keyword. I can shrink the sample down to a few thousand events in the Elasticsearch query and text-scan those results quickly.
So, I just need a simple example to start with.
Thanks
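The Python query above, re-expressed as PowerShell against the Elasticsearch scroll API (an added example, not the poster's code). It assumes Elasticsearch is reachable at http://localhost:9200 without authentication; the needle string is a constructed placeholder.

```powershell
# Added example: same match/exists/range query as the python Search(), walked with the scroll API.
$EsUrl  = 'http://localhost:9200'   # assumed endpoint, adjust to your cluster
$Index  = 'winlogbeat-*'
$Needle = 'needle'                  # constructed placeholder for the text to look for

# -Depth is required: ConvertTo-Json truncates nested objects at depth 2 by default.
$Body = @{
    size  = 1000
    query = @{
        bool = @{
            must = @(
                @{ match  = @{ source_name = 'MSExchange CmdletLogs' } },
                @{ exists = @{ field = 'event_data.param12' } }
            )
            filter = @(
                @{ range = @{ '@timestamp' = @{ gte = 'now-24h/m'; lt = 'now/m' } } }
            )
        }
    }
} | ConvertTo-Json -Depth 10

$Headers = @{ 'Content-Type' = 'application/json' }

# First page: open a scroll context that stays alive for 1 minute between calls.
$Resp = Invoke-RestMethod -Method Post -Uri "$EsUrl/$Index/_search?scroll=1m" -Headers $Headers -Body $Body
$ScrollId = $Resp._scroll_id

try {
    while (@($Resp.hits.hits).Count -gt 0) {
        foreach ($Hit in $Resp.hits.hits) {
            $Param12 = $Hit._source.event_data.param12
            # .Contains() is case-sensitive, like python's "needle" in value
            if ($Param12 -and $Param12.Contains($Needle)) {
                "$($Hit._source.'@timestamp') $Param12"
            }
        }
        # Next page: hand the scroll id back and keep the context alive another minute.
        $ScrollBody = @{ scroll = '1m'; scroll_id = $ScrollId } | ConvertTo-Json
        $Resp = Invoke-RestMethod -Method Post -Uri "$EsUrl/_search/scroll" -Headers $Headers -Body $ScrollBody
        $ScrollId = $Resp._scroll_id
    }
}
finally {
    # Release the scroll context instead of letting it hold resources until it expires.
    $ClearBody = @{ scroll_id = $ScrollId } | ConvertTo-Json
    Invoke-RestMethod -Method Delete -Uri "$EsUrl/_search/scroll" -Headers $Headers -Body $ClearBody | Out-Null
}
```

If the cluster needs credentials, add `-Credential` (or an Authorization header) to each Invoke-RestMethod call.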