Run queries against Kibana's Elasticsearch that gets logs from Logstash.
Run queries against Kibana's Elasticsearch that gets logs from Logstash. Forked from Wikia's kibana.py.
pip install elasticsearch-query
from elasticsearch_query import ElasticsearchQuery
es_query = ElasticsearchQuery(es_host='es.prod', since=12345, period=900, index_prefix='logstash-my-app')
es_host needs to be specified with a host of Elasticsearch instance to connect.
Provide either since (absolute timestamp) or period (last N seconds):
since: UNIX timestamp data should be fetched since (if None, then period specifies the last n seconds).period: period (in seconds) before now() to be used when since is empty (defaults to last 15 minutes).index_prefix argument will be used to build indices names to query in.
They should follow the index-name-YYYY.MM.DD naming convention, e.g. logstash-my-app-2014.08.19.
get_rowsReturns data matching the given query (provided as a
dict).
es_query.get_rows(match={"tags": 'edge-cache-requestmessage'}, limit=2000)
match: query to be run against log messages (ex. {"@message": "Foo Bar DB queries"}).limit: the number of results (defaults to 10).query_by_stringReturns data matching the given query string (provided as a Lucene query).
es_query.query_by_string(query='@message:"^PHP Fatal"', limit=2000)
es_query.query_by_string(query='@message:"^PHP Fatal"', fields=['@message', '@es_query_host'], limit=2000)
query: query string to be run against log messages (ex. @message:"^PHP Fatal").fields: optional list of fields to fetchlimit: the number of results (defaults to 10).query_by_sqlReturns data matching the given SQL query.
This feature requires non-OSS version of Elasticsearch ("To be clear, while the X-Pack source code is now available in the public repositories, it isn’t under an Open Source license").
es_query.query_by_sql(sql='SELECT host FROM "app-requests" WHERE host = \'app2.prod\'')
sql: SQL query to be runcountReturns number of matching entries
es_query.count(query='@message:"^PHP Fatal"')
elasticsearch-query comes with integration tests suite. .travis.yml will install elasticsearch OSS version and run them.
But you can also run it locally. Simply pass ES_TEST_HOST=<elasticsearch IP> env variable when running tests (make test).
FAQs
Run queries against Kibana's Elasticsearch that gets logs from Logstash.
We found that elasticsearch-query demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.