问题描述
我有查询Kibana中的特定事件查询,这个查询保存在其他搜索中,有没有办法通过例如REST调用以编程方式进行更改? h2_lin>解决方案
正如@Mohammad所说,与Kibana相关的所有元数据存储在弹性搜索集群中的 .kibana 索引下。所有搜索,可视化,仪表板都存储在 .kibana 索引中的各自类型中。例如,搜索记录在搜索下,输入 .kibana 索引。
通过执行以下命令获取所有搜索:
GET /。 kibana / search / _search
{
查询:{
match_all:{}
}
}
从上述结果中检索要更新查询的 search-id p>
现在,您可以使用 _update 更新具体的搜索 API如下所示:
POST /.kibana/search/<search-id>/_update
{
doc:{
kibanaSavedObjectMeta:{searchSourceJSON:{index:test - *,query:{query_string:{query ID:2\" , analyze_wildcard:真}}, 过滤器:[], 突出显示:{ pre_tags:[ @ kibana高亮场@], post_tags:[@ / kibana -highlighted-field @],fields:{*:{}},require_field_match:false,fragment_size:2147483647}}
}
}
}
如果你是一个,请考虑以下来自Kibana的警告消息不要高级用户:
I have query for searching specific occurrences in Kibana, this query is saved among other searches, is there a way I can change it programmatically via for example a REST call?
As @Mohammad said, All metadata related to Kibana is stored under .kibana index in elasticsearch cluster. All searches, visualization, dashboards are stored in their respective types in .kibana index. e.g searches are stored under search type in .kibana index.
Get all searches by executing following command:
GET /.kibana/search/_search
{
"query": {
"match_all": {}
}
}
Retrieve search-id for which you want to update the query from the above results.
Now you can update that specific search document by using _update API as shown below:
POST /.kibana/search/<search-id>/_update
{
"doc" : {
"kibanaSavedObjectMeta":{ "searchSourceJSON": """{"index":"test-*","query":{"query_string":{"query":"id:2","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}"""
}
}
}
Consider the following warning message from Kibana if you are not advanced user:
这篇关于如何更改更改Kibana保存的搜索(Discover)与REST请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!