elastic-query-export

sample with raw query

Open starlessboi opened this issue 2 years ago • 1 comments

Hi, thanks for your amazing job. I have a use case that needs to export data with a given raw query like this: { "query": { "query_string": { "query": "source : x.x.x.x " } }, "fields": [ "@timestamp", "source.address", "user.id" ], "_source": false } How can I do this? Can you give a sample? Thanks in advance.

starlessboi, Apr 26 '22 13:04

You can try it like this: elastic-query-export -r '{"bool":{"must":[],"filter":[{"bool":{"should":[{"match_phrase":{"message":"屈臣氏"}}],"minimum_should_match":1}}],"should":[],"must_not":[]}}'

ggsongnail, Jun 25 '22 17:06