Here I have a bash shell script containing a curl command that runs an Elasticsearch query.
curl -XGET "http://localhost:9200/index_name/_search?" -H 'Content-Type: application/json' -d'
{
  "size": 0,
  "aggs": {
    "by ip": {
      "terms": {
        "field": "ip.keyword"
      },
      "aggs": {
        "by date": {
          "date_histogram": {
            "field": "source time",
            "interval": "day"
          }
        }
      }
    },
    "range": {
      "date_range": {
        "field": "source time",
        "ranges": [
          {
            "from": "2018-01-01", <---
            "to": "now/d" <---
          }
        ]
      }
    }
  }
}'
Here I run my shell script in my Exec Input plugin.
input {
  exec {
    codec => "json"
    command => "./Desktop/scripts/script-name.sh"
    interval => 1800
  }
}
The 2 range date fields (From and To) in my query are static and I would like to be able to run the shell script command with arguments that can replace the values in them dynamically.
Something like "./Desktop/scripts/script-name.sh/fromdate-value-goes-here/todate-value-goes-here"? I'm not sure if this is the right way. Any help is appreciated.
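
One way to take the two range bounds as positional arguments, as an added example that is not part of the original post. The function names `valid_bound`, `build_query` and `run_query` and the accepted value formats (YYYY-MM-DD or `now` date math) are assumptions; the arguments are validated before they are placed in the request body so that a value cannot alter the structure of the JSON query.

```shell
#!/bin/sh
# Added example (not the poster's script): script-name.sh with the two range
# bounds taken from positional arguments, e.g.  ./script-name.sh 2018-01-01 now/d

# Assumption: a bound is either YYYY-MM-DD or "now" date math (now/d, now-7d/d).
# Everything else is rejected, so an argument cannot close the JSON string it is
# placed in and add its own keys to the query.
valid_bound() {
  case "$1" in
    ''|*[!0-9A-Za-z/+-]*) return 1 ;;   # also rejects quotes, spaces, newlines
  esac
  printf '%s\n' "$1" | grep -Eq \
    '^([0-9]{4}-[0-9]{2}-[0-9]{2}|now([+-][0-9]+[yMwdhHms])*(/[yMwdhHms])?)$'
}

# Print the request body from the page with $1 as "from" and $2 as "to".
build_query() {
  valid_bound "$1" && valid_bound "$2" || return 1
  cat <<EOF
{
  "size": 0,
  "aggs": {
    "by ip": {
      "terms": { "field": "ip.keyword" },
      "aggs": {
        "by date": {
          "date_histogram": { "field": "source time", "interval": "day" }
        }
      }
    },
    "range": {
      "date_range": {
        "field": "source time",
        "ranges": [ { "from": "$1", "to": "$2" } ]
      }
    }
  }
}
EOF
}

run_query() {
  body=$(build_query "$1" "$2") || { echo "usage: $0 FROM TO" >&2; return 2; }
  curl -sS -XGET "http://localhost:9200/index_name/_search" \
    -H 'Content-Type: application/json' -d "$body"
}

# Only contact Elasticsearch when both bounds are given on the command line.
if [ "$#" -eq 2 ]; then run_query "$1" "$2"; fi
```

In the exec input the arguments then follow the script path in `command`, separated by spaces, for example `./Desktop/scripts/script-name.sh 2018-01-01 now/d`.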