I am using the Python Elasticsearch client to query.
https://elasticsearch-py.readthedocs.io/en/master/
Everything works fine except using a query string as a variable. Sorry if this is more of a Python question.
This works well.
index_name = "logstash-abc-*"
res = es.search(index=index_name, body={"query": {"bool": {"filter": [{"term": {"message": "ssh",}},{"term": {"host": "admin01",}},]}}})
I want the {"term": {"message": "ssh",}} part as a variable and to preset 10+ patterns.
Something like this.
index_name = "logstash-abc-*"
q1 = "{\"term\": {\"message\": \"ssh\",}}"
q2 = "{\"term\": {\"syslog_ip\": \"192.168.0.100\",}}"
res = es.search(index=index_name, body={"query": {"bool": {"filter": [q1,q2,{"term": {"host": "admin01",}},]}}})
It looks like q1 and q2 are ignored in the search query. Can you use a variable in the ES search query?
How can you check the full request query string that was sent?
Thanks for your help in advance.
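
An added example, not part of the original post: it keeps the preset filters as Python dicts instead of JSON text, serializes the body with `json.dumps` so the exact request body can be inspected, and flags any filter entry that is still a string. The names `PRESETS`, `build_body`, `term`, `render` and `find_string_clauses` are hypothetical, and no cluster is contacted.

```python
import copy
import json

# Preset filter clauses kept as Python dicts, not JSON text (hypothetical names).
PRESETS = {
    "ssh": {"term": {"message": "ssh"}},
    "syslog_ip": {"term": {"syslog_ip": "192.168.0.100"}},
    "admin_host": {"term": {"host": "admin01"}},
}


def build_body(*preset_names):
    """Return a bool/filter search body built from the named presets."""
    unknown = [n for n in preset_names if n not in PRESETS]
    if unknown:
        raise KeyError(f"unknown preset(s): {unknown}")
    clauses = [copy.deepcopy(PRESETS[n]) for n in preset_names]
    return {"query": {"bool": {"filter": clauses}}}


def term(field, value):
    """Build one term clause; the value stays data and is escaped on serialization."""
    return {"term": {field: value}}


def render(body):
    """Serialize the body to JSON text so the request body can be inspected."""
    return json.dumps(body, sort_keys=True)


def find_string_clauses(body):
    """Return filter entries that are str: they serialize as JSON strings, not objects."""
    return [c for c in body["query"]["bool"]["filter"] if isinstance(c, str)]


if __name__ == "__main__":
    good = build_body("ssh", "syslog_ip", "admin_host")
    print(render(good))
    # The form from the post: q1 is text, so it is serialized as a quoted string.
    q1 = "{\"term\": {\"message\": \"ssh\",}}"
    bad = {"query": {"bool": {"filter": [q1, term("host", "admin01")]}}}
    print(render(bad))
    print(find_string_clauses(bad))
    # es.search(index="logstash-abc-*", body=good)  # needs a live cluster
```

Building clauses with `term()` rather than string concatenation also means a value containing quotes or braces cannot change the structure of the query.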