Coralogix provides an Elastic API that allows you to query your hosted Elasticsearch instances securely and with ease.
How to query your Coralogix Elastic API:
In order to use the Elasticsearch API it is necessary to:
Add a Coralogix token with each HTTP request. This key is found under: Data Flow –> API Keys –> Logs Query Key.
Use the Elasticsearch API endpoint for your Team per the following table:
Cluster your team URL
The Index is a variable in the in the Endpoint. You can put there for example the name of the log2metrics index (*:*_log_metrics*) if you are querying Log2metrics index, or (*) if you are querying the regular index.
max_determinized_states element inside regex queries is not allowed.
Size element for bucket aggregations cannot be greater than 1200.
The bucket aggregation of the type significant_terms is not allowed.
Nesting of the following bucket aggregations 3 or more times is not allowed: date_histogram, geohash_grid, histogram, ip_ranges, and terms.
fuzzy_max_expansions element in query_string query is not allowed.
Max_expansions element in a fuzzy query is not allowed.
When specifying the URL query param ’scroll’ it can not be greater than 6m.
To retrieve the accurate number of hits of your query add to your request: “track_total_hits”:true.
If you are running Elasticsearch API requests with scripts note that there is a 160 requests limit per 30 seconds.
When using the scroll API _search/scroll
Supported top-level elements of the scroll API: size, scroll, scroll_ids.
Scroll element cannot be greater than 6m (Please note that this value is the maximum amount of time the _scroll_id will be valid after the last scroll API request. If for example a script is used for the second request, over and over again, then this time limit will have no effect. The countdown starts when the scroll API requests stop. When the time expires, let’s say it was set originally to 6 minutes, then if an additional scroll API request is sent, it will fail, as the _scroll_id is no longer valid).