I want to use http_poller to do the equivalent of this:
curl -XGET 'http://esnode:9200/_all/_search?pretty' -d '{
"query": {
"term": {
"type" : "syslog"
}
}
}'
Basically, I want the full power of the Elasticsearch search api.
Using the URI search feature does work. But I think it would be hard to get very complicated in your searches.
Any suggestions? Am I missing something obvious in the docs?
Thanks!
Suggestions for what, exactly?
On how to send the -d part of the curl call via http_poller.
input {
http_poller {
interval => 30
urls => {
test1 => {
url => "http://esnode:9200/_all/_search?q=type:syslog"
method => get
}
}
codec => "json"
}
}
output {
stdout { codec => "rubydebug" }
}
Works just fine. But how would I replace the q=type:syslog with what's in the -d '...' part of my example curl call?
I don't want to encode the query in the url. The request body search syntax is a lot easier to understand when you have lots of search parameters.
For example, I'm really not sure how to change this search into something that works in the url.
curl -XGET 'http://node:9200/_all/_search?pretty' -d '{
"query":{
"range":{
"date":{
"gt":"now-1m/m"
},
"mem.actual_used_p": {
"gte":0.25
}
}
}
}'
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.