Run Python Script from Kibana interface using a Variable

Hello there,
Is there any possible way to run a Python Script placed in the Kibana node Server, from the Kibana Interface?

My scenario is this:

  • User Search for a Specific IP Address from an index
  • When IP is selected, User click on it or (some SUBMIT button), and the Kibana Run the Python Script taking the IP Address Value as a variable.

The feature is needed to enable Detailed Logging for a specific IP Address on-demand by the User.


Hi @jorj,

this is an interesting use case. It won't be trivial to implement this because it's not officially supported. Here are some pieces you would need to do this:

It's possible to create new routes on the Kibana server by installing plugins. Check out the default plugin created by the plugin generator, it contains a server route. You can register a javascript callback that will be called if a request is sent to the path of your registered route. From there you can invoke your python script from javascript and forward the paramater - this blog post for example shows how this can be done.

To actually trigger the server side route your Kibana plugin also needs a client side part that listens to created filters and calls the server side route if the filter is created. The plugin generator will also generate examplary client side code you can start with. In your case the hack.js file would be the right place to start because it will be included into each page of Kibana. Currently there is no stable API to get notified when a filter changes - it would be possible to integrate with the Kibana app using angular dependency injection and the appState service, but that API will be removed soon in an upcoming version. The easiest way to hook into this right now would be to listen for URL changes because all filters are persisted in the URL. By parsing the _a and _g parameters as rison, you get an object back containing the filters.

E.g. in this URL http://localhost:5301/ihx/app/kibana#/discover?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(columns:!(_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:ff959d40-b880-11e8-a6d9-e546fe2bba5f,key:ip,negate:!f,params:(query:''),type:phrase),query:(match_phrase:(ip:'')))),index:ff959d40-b880-11e8-a6d9-e546fe2bba5f,interval:auto,query:(language:kuery,query:''),sort:!(!(order_date,desc))) the filter ip: encoded. By checking the value of these objects on every url change, you can detect when an ip filter is changed. Then you can use the kfetch (import { kfetch } from 'ui/kfetch';) utility to call your server side route.

Be aware though that all client side logic like this can be circumvented by a malicious user (e.g. blocking the request to your server side route), so if that's an issue for your use case, you should move all logic to the server side (e.g. by intercepting search requests made to Elasticsearch with a proxy server)

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.