Querying Logstash Data in Elasticsearch Using Curl and JQ
Source: https://backdrift.org/querying-logstash-data-in-elasticsearch-using-curl-and-jq , on 29-07-2020
Today I came across the need to query logstash logs directly from elasticsearch. Here is a quick example of how to do so using curl and jq.
logstash-server:~$ cat search.sh
# Elasticsearch 6 and later reject a JSON request body that is sent without this Content-Type header
curl -XGET 'localhost:9200/_search?pretty&size=10000' \
  -H 'Content-Type: application/json' \
  -d '
{
  "query": {
    "query_string" : {
      "query" : "facility:19,local3 AND @timestamp:[2019-08-04T03:00 TO 2019-08-04T03:15]"
    }
  },
  "sort": ["@timestamp"]
}
'
logstash-server:~$ bash search.sh | jq '.hits.hits[]._source | {timestamp,host,level,message}' | head -20
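The same query and field extraction in Python, as an added example that is not part of the original post. It goes one step further than the curl script: size=10000 on the URL is the default index.max_result_window ceiling, so the example pages with search_after instead. ES_URL, the SAMPLE_RESPONSE data and the "_id" tiebreaker are assumptions, not values from the post.

```python
import json
import urllib.request

ES_URL = "http://localhost:9200/_search"  # assumed: same host as the post

# Constructed sample of what Elasticsearch returns for the post's query.
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_source": {"timestamp": "2019-08-04T03:00:01", "host": "fw1",
                 "level": "notice", "message": "constructed event 1"},
     "sort": [1564887601000, "a1"]},
    {"_source": {"timestamp": "2019-08-04T03:00:02", "host": "fw2",
                 "level": "warning", "message": "constructed event 2"},
     "sort": [1564887602000, "b2"]},
]}}


def build_query(facility, start, end, size=1000, search_after=None):
    """Same query_string as search.sh; the tiebreaker makes the sort unique,
    which search_after needs (swap "_id" for a unique keyword field of your
    events on ES 8, where sorting on _id is disabled by default)."""
    body = {"size": size,
            "query": {"query_string": {"query":
                f"facility:{facility} AND @timestamp:[{start} TO {end}]"}},
            "sort": ["@timestamp", "_id"]}
    if search_after is not None:
        body["search_after"] = search_after
    return body


def extract_fields(response):
    """Equivalent of jq '.hits.hits[]._source | {timestamp,host,level,message}'."""
    keys = ("timestamp", "host", "level", "message")
    return [{k: hit["_source"].get(k) for k in keys}
            for hit in response["hits"]["hits"]]


def next_search_after(response):
    """Sort values of the page's last hit, or None when the page is empty."""
    hits = response["hits"]["hits"]
    return hits[-1]["sort"] if hits else None


def search_all(facility, start, end, page_size=1000):
    """Yield every matching event, one request per page, with no 10,000 cap."""
    after = None
    while True:
        body = json.dumps(build_query(facility, start, end, page_size, after)).encode()
        req = urllib.request.Request(ES_URL, data=body, method="GET",
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        yield from extract_fields(page)
        after = next_search_after(page)
        if after is None or len(page["hits"]["hits"]) < page_size:
            return
```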