Returning proper information?

jmgarcia · February 28, 2018, 5:00pm

I have been tasked with a huge project and I am clueless. Pretty much I need to take lines of a file and use them to search Kibana. I have found the dev console, which is great, but I seem to not be getting the results I need... IF there is a hit from the query, say "test1 OR test2", I need the output to give me the src_ip, dest_ip, application along with some other information. I also need to somehow download this in readable forms.

Here is an example of my code that I am using to "search":

GET /_search
{
    "query": {
        "query_string" : {
            "fields" : ["src_ip","dst_ip","Application"],
            "query" : "devicename: (test1 OR test2) AND policy_id: 15561"
        }
    }
}

This is the output of what I am getting:

{
  "took": 163,
  "timed_out": false,
  "_shards": {
    "total": 1791,
    "successful": 1791,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": null,
    "hits": []
  }
}

Joe_Fleming · March 1, 2018, 7:12pm

Can you share what your data looks like? It's useful to know how you're index data into Elasticsearch to help figure out how to find the information you're trying to get.

jmgarcia · March 1, 2018, 7:45pm

To be honest, I am not sure sure how to respond to your question, I will share whatever I can with you though. Could you provide an example maybe?

system · March 29, 2018, 7:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Querying Elasticsearch	1	306	March 28, 2018
Get data from Kibana using Elasticsearch API Elasticsearch	6	1994	March 23, 2021
ElasticSearch curl return nothing data Elasticsearch	1	721	February 4, 2020
Simple compound search in Kibana Kibana	3	1521	February 21, 2017
Kibana Dashboard question Kibana	4	807	July 6, 2017

Returning proper information?

Related topics