Hi everyone,
I'm a newbie on Kibana... I need to get data from a query outside the Kibana environment.
The following query works fine when run in 'Dev Tools' and gives me the right value (number of hits):
{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "gte": "now/d+7h+30m",
              "lt": "now/d+17h+30m"
            }
          }
        },
        {
          "query_string": {
            "query": "\"SocketTimeoutException invoking http://:8810/LifeGoals\"",
            "analyze_wildcard": true,
            "default_operator": "AND",
            "default_field": "message",
            "auto_generate_phrase_queries": true,
            "split_on_whitespace": true
          }
        }
      ]
    }
  }
}
I have tried to run the same query with curl and a REST client (outside Kibana), but the outcome is incorrect and the number of hits is wrong.
Probably there is some index (maybe) that is set by default inside the Kibana environment, as you can see from the Kibana output (I cannot copy more of the output because it is sensitive internet banking data):
"took": 2803,
"timed_out": false,
"_shards": {
  "total": 6417,
  "successful": 6417,
  "skipped": 6295,
  "failed": 0
},
"hits": {
  "total": 20,
  "max_score": 48.25227,
  "hits": [
    {
      "_index": "cdil0-application-2019.02.19",
      "_type": "log",
      "source": "/produzione/xxxxx/xxxx/logs/weblogic/xxx/1.0.363/arch_core_base_1.0.363.log",
while the output from the REST client gives:
"took": 14,
"timed_out": false,
"_shards": {
  "total": 8,
  "successful": 8,
  "skipped": 0,
  "failed": 0
},
"hits": {
  "total": 8369386,
  "max_score": 1.0,
  "hits": [{
    "_index": "cdil0-application-2019.02.19",
    "_type": "log",
    "source": "/produzione/xxxxxx/xxxx/logs/weblogic/xxxx/1.0.362/arch_session_1.0.362.log",
The "_index" is the same, but the "source" field is different.
What is my error?
Thanks in advance