Hey fellas,
I have been doing my best refraining from posting on here because I am pretty sure somebody else has solved this problem or has had similar issues and fixed it with Google. Unfortunately I am not that good and am struggling so please, any help would be appreciated!
I have a bunch of queries in string form I need to check against Elasticsearch. They are something like this: "((device: foo1 AND device: foo2) OR port :123)". There are hundreds of strings like this in dozens of text files that I need to use. I wrote a Python script to print all of the strings out, but I'm not sure if I need to filter them more in order to search. My code is something like this:
curl -XGET "localhost:9200/_search?q={string}"
The biggest issue is IF there is a hit on the string I need to pull out things like src_ip, dest_ip, application, etc, etc, etc.
I have the GUI Kibana installed, and if I copy and paste the strings I have from the text files, they work. Anybody have any suggestions on the best way to do this? I am decent with Python but I am lost on this project.
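One way to do what the post describes in Python, as an added example that is not part of the original post: read the query strings out of the text files, send each one to Elasticsearch as a `query_string` query in the request body (which sidesteps URL-encoding problems with the parentheses, colons and spaces that the `?q=` form would hit), and pull the wanted fields out of each hit. The endpoint `ES_URL`, the field names `src_ip`/`dest_ip`/`application`, the file name pattern and the sample response are all assumptions; the response is constructed so the parsing can be checked without a running cluster.

```python
import glob
import json
import urllib.request
from typing import Iterable

# Hypothetical Elasticsearch endpoint; change to match your cluster.
ES_URL = "http://localhost:9200/_search"

# Field names the post wants out of each matching document (assumed names).
WANTED_FIELDS = ("src_ip", "dest_ip", "application")


def load_queries(lines: Iterable[str]) -> list:
    """Return the non-empty, stripped query strings from an iterable of lines
    (for example an open text file). Blank lines and '#' comments are skipped."""
    out = []
    for line in lines:
        q = line.strip()
        if q and not q.startswith("#"):
            out.append(q)
    return out


def build_query_body(query: str, size: int = 100) -> dict:
    """Wrap a Kibana/Lucene-style query string in an Elasticsearch
    query_string query. _source filtering limits each hit to the fields we
    actually need, which keeps the response small."""
    return {
        "size": size,
        "_source": list(WANTED_FIELDS),
        "query": {"query_string": {"query": query}},
    }


def extract_fields(response: dict, fields=WANTED_FIELDS) -> list:
    """Pull the wanted fields out of every hit in an Elasticsearch _search
    response. A field missing from a document comes back as None instead of
    raising, so one odd event does not stop the whole run."""
    rows = []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        rows.append({f: src.get(f) for f in fields})
    return rows


def search(query: str, es_url: str = ES_URL) -> dict:
    """POST one query to Elasticsearch and return the decoded JSON response.
    Needs a reachable cluster, so it is not exercised offline."""
    data = json.dumps(build_query_body(query)).encode()
    req = urllib.request.Request(es_url, data=data, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response in the shape Elasticsearch returns; the second
# hit deliberately lacks "application" to show the missing-field handling.
SAMPLE_RESPONSE = {
    "hits": {
        "hits": [
            {"_id": "1", "_source": {"device": "foo1", "port": 123,
                                      "src_ip": "10.0.0.5",
                                      "dest_ip": "192.0.2.10",
                                      "application": "ssh"}},
            {"_id": "2", "_source": {"device": "foo2", "port": 123,
                                      "src_ip": "10.0.0.6",
                                      "dest_ip": "192.0.2.11"}},
        ]
    }
}


def demo() -> list:
    """Run the offline part of the flow: parse a constructed query file, build
    the request body for its query, and extract rows from SAMPLE_RESPONSE."""
    query_file = ["# constructed example file",
                  "((device: foo1 AND device: foo2) OR port :123)", ""]
    queries = load_queries(query_file)
    body = build_query_body(queries[0])
    assert body["query"]["query_string"]["query"] == queries[0]
    return extract_fields(SAMPLE_RESPONSE)


if __name__ == "__main__":
    # Assumed layout: one query per line across many *.txt files.
    for path in glob.glob("*.txt"):
        with open(path) as fh:
            for q in load_queries(fh):
                for row in extract_fields(search(q)):
                    print(path, "|", q, "->", row)
```

Sending the query in the body rather than on the URL is what makes the pasted Kibana strings work unchanged; if the cluster has security enabled, add the credentials or API key header to the `Request` the same way the `Content-Type` header is added.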