Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
478 views
in Technique[技术] by (71.8m points)

curl - How to query elasticsearch for a specific kibana visualization data?

In our cluster's kibana dashboard, I see a visualization which gives me the total count of incoming traffic to an application. What I want is to get the same incoming traffic count using a curl call so that I can automate some reporting. To do so, first I inspect the visualization and click on request, below is what I got

{
  "aggs": {},
  "size": 0,
  "_source": {
    "excludes": []
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    },
    {
      "field": "time",
      "format": "date_time"
    }
  ],
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "bool": {
            "filter": [
              {
                "bool": {
                  "must_not": {
                    "bool": {
                      "should": [
                        {
                          "query_string": {
                            "fields": [
                              "remote_addr"
                            ],
                            "query": "\1\0\.\0\.*"
                          }
                        }
                      ],
                      "minimum_should_match": 1
                    }
                  }
                }
              },
              {
                "bool": {
                  "filter": [
                    {
                      "bool": {
                        "must_not": {
                          "bool": {
                            "should": [
                              {
                                "query_string": {
                                  "fields": [
                                    "remote_addr"
                                  ],
                                  "query": "\1\0\0\.\0\.*"
                                }
                              }
                            ],
                            "minimum_should_match": 1
                          }
                        }
                      }
                    },
                    {
                      "bool": {
                        "filter": [
                          {
                            "bool": {
                              "must_not": {
                                "bool": {
                                  "should": [
                                    {
                                      "match_phrase": {
                                        "upstream_addr.keyword": “IP_ADDR:PORT”
                                      }
                                    }
                                  ],
                                  "minimum_should_match": 1
                                }
                              }
                            }
                          },
                          {
                            "bool": {
                              "filter": [
                                {
                                  "bool": {
                                    "must_not": {
                                      "bool": {
                                        "should": [
                                          {
                                            "match_phrase": {
                                              "upstream_addr.keyword": “IP_ADDR:PORT”
                                            }
                                          }
                                        ],
                                        "minimum_should_match": 1
                                      }
                                    }
                                  }
                                },
                                {
                                  "bool": {
                                    "filter": [
                                      {
                                        "bool": {
                                          "must_not": {
                                            "bool": {
                                              "should": [
                                                {
                                                  "match_phrase": {
                                                    "upstream_addr.keyword": “IP_ADDR:PORT”
                                                  }
                                                }
                                              ],
                                              "minimum_should_match": 1
                                            }
                                          }
                                        }
                                      },
                                      {
                                        "bool": {
                                          "must_not": {
                                            "bool": {
                                              "should": [
                                                {
                                                  "match_phrase": {
                                                    "upstream_addr.keyword": “IP_ADDR:PORT”
                                                  }
                                                }
                                              ],
                                              "minimum_should_match": 1
                                            }
                                          }
                                        }
                                      }
                                    ]
                                  }
                                }
                              ]
                            }
                          }
                        ]
                      }
                    }
                  ]
                }
              }
            ]
          }
        },
        {
          "match_all": {}
        },
        {
          "match_phrase": {
            "kubernetes.labels.app.keyword": {
              "query": "kong"
            }
          }
        },
        {
          "exists": {
            "field": "status"
          }
        },
        {
          "range": {
            "@timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2021-01-05T09:32:46.946Z",
              "lte": "2021-01-05T09:47:46.946Z"
            }
          }
        }
      ],
      "should": [],
      "must_not": [
        {
          "bool": {
            "should": [
              {
                "match_phrase": {
                  "http_user_agent": "CloudWatchSynthetics"
                }
              },
              {
                "match_phrase": {
                  "http_user_agent": "Amazon-Route53-Health-Check-Service"
                }
              }
            ],
            "minimum_should_match": 1
          }
        }
      ]
    }
  }
}

Now, I took this request body, and made a curl call to elasticsearch like below

curl -u elastic:password -x GET "localhost:9200/_mget?pretty" -H 'Content-Type: application/json' -d'
<request_body_that_I_have_pasted_above>
'

But, this throws below error

{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "unexpected token [START_OBJECT], expected [FIELD_NAME] or [START_ARRAY]",
        "line" : 3,
        "col" : 11
      }
    ],
    "type" : "parsing_exception",
    "reason" : "unexpected token [START_OBJECT], expected [FIELD_NAME] or [START_ARRAY]",
    "line" : 3,
    "col" : 11
  },
  "status" : 400
}

Is my approach right? what am I doing wrong here?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...