Elastic API

Tutorials
Dev Tools
Elastic API

Coralogix provides an Elastic API that allows you to query your hosted Elasticsearch instances securely and with ease.

In order to use ElasticSearch API, you must add a Coralogix token (Settings –> Account –> API Access –> Logs Query Key) with each HTTP call.

.com .us .in

Elasticsearch-API https://coralogix-esapi.coralogix.com:9443 https://esapi.coralogix.us:9443 https://es-api.app.coralogix.in:9443

SSL Certificates https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-EU.crt https://www.amazontrust.com/repository/AmazonRootCA1.pem https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-IN
.pem

Cluster URL coralogix.com coralogix.us app.coralogix.in

	.com	.us	.in
Elasticsearch-API	https://coralogix-esapi.coralogix.com:9443	https://esapi.coralogix.us:9443	https://es-api.app.coralogix.in:9443
SSL Certificates	https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-EU.crt	https://www.amazontrust.com/repository/AmazonRootCA1.pem	https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-IN .pem
Cluster URL	coralogix.com	coralogix.us	app.coralogix.in

How to query your Coralogix elastic API:

The Index in the Endpoint is a variable. You can put there the name of log2metrics index (*:*_log_metrics*) if you are querying Log2metrics index or (*) if you are querying the regular index.

curl -H 'token:YOUR LOGS API KEY' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "must":
            [
                {
                    "term": {
                        "coralogix.metadata.applicationName": "PROD"
                    }
                },
                {
                    "range": {
                        "coralogix.timestamp": {
                            "gte": "now-15m",
                            "lt": "now"
                        }
                    }
                }
            ]
        }
    },
    "aggs": {
        "severities": {
            "terms": {
                "field": "coralogix.metadata.severity"
            }
        }
    }
}' 'Elasticsearch-api/Index/_search'

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "must":
            [
        {
            "match": {
                "text": "created"
            }
        },
                {
            "range": {
                "coralogix.timestamp": {
                    "gte": "now-15m", 
                    "lt": "now"
                    }
                }
             }
            ]
        }
    }
}' 'Elasticsearch-api/Index/_search'

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "filter":[{
                "query_string": {
                    "query": "YOUR QUERY"
                }
             },
                {
            "range": {
                "coralogix.timestamp": {
                    "gte": "2019-10-23T14:00:00",
                    "time_zone": "+03:00"
                }
            }
                }
            ]
        }
    }
}' 'Elasticsearch-api/Index/_search'

How to use scroll API:

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
	"size": 1000,
	"query": {
		"bool": {
			"filter": [{
					"query_string": {
						"query": "YOUR QUERY"
					}
				},
				{
					"range": {
						"coralogix.timestamp": {
							"gte": "now-24h",
							"lt": "now"
						}
					}
				}
			]
		}
	}
}' 'Elasticsearch-api/Index/_search?scroll=5m'

You will receive the first batch of the logs along with a new field in the root of the response named _scroll_id. That scroll_id should be used in the following requests to create the pagination and get the next log batches. You should repeat the second request until all logs are retrieved.

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{

    "scroll": "5m",
    "scroll_id": "YOUR_SCROLL_ID"

}' 'Elasticsearch-api/_search/scroll'

The Coralogix Elastic API provides the capabilities of the Elasticsearch API with the following limitations:

Supports only POST requests
supported top-level elements of the Search API: query, from, size, sort, _source, post_filter, aggs, aggregations
The sum of the top-level elements ‘from’ and ‘size’ cannot be greater than 12000
allow_leading_wildcard element in query_string query is not allowed.
Wildcard queries can’t start with ‘*’ or ‘?’
Regex queries can’t start with ‘.*’ or ‘.?’
max_determinized_states element inside regex queries is not allowed.
Size element for bucket aggregations cannot be greater than 1200.
The bucket aggregation of the type significant_terms is not allowed.
Nesting of the following bucket aggregations 3 or more times is not allowed: date_histogram, geohash_grid, histogram, ip_ranges, and terms.
fuzzy_max_expansions element in query_string query is not allowed.
Max_expansions element in a fuzzy query is not allowed.
When specifying the URL query param ’scroll’ it can not be greater than 6m.
To retrieve the accurate number of hits of your query add to your request: “track_total_hits”:true
If you are running ES-API requests with scripts note that there is a 160 requests limit per 30 seconds.

How to query your Coralogix elastic API:

How to use scroll API:

The Coralogix Elastic API provides the capabilities of the Elasticsearch API with the following limitations:

When using the Scroll API _search/scroll

Elastic API query tutorials: