
Elastic API

Coralogix provides an Elastic API that lets you query your hosted Elasticsearch indices securely and with ease.

To use the Elasticsearch API, you must send a Coralogix Logs Query Key (Settings –> Account –> API Access –> Logs Query Key) with every HTTP call, in a request header named token, as the curl examples below show.

Endpoint and SSL certificate per region:

.com (coralogix.com)
  Elasticsearch-API: https://coralogix-esapi.coralogix.com:9443
  SSL Certificate:   https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-EU.crt

.us (coralogix.us)
  Elasticsearch-API: https://esapi.coralogix.us:9443
  SSL Certificate:   https://www.amazontrust.com/repository/AmazonRootCA1.pem

.in (app.coralogix.in)
  Elasticsearch-API: https://es-api.app.coralogix.in:9443
  SSL Certificate:   https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-IN.pem

How to query your Coralogix elastic API: 

The Index part of the endpoint is a variable. Use the Log2Metrics index name (*:*_log_metrics*) if you are querying the Log2Metrics index, or (*) if you are querying the regular log index.

curl -H 'token:YOUR LOGS API KEY' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "must":
            [
                {
                    "term": {
                        "coralogix.metadata.applicationName": "PROD"
                    }
                },
                {
                    "range": {
                        "coralogix.timestamp": {
                            "gte": "now-15m",
                            "lt": "now"
                        }
                    }
                }
            ]
        }
    },
    "aggs": {
        "severities": {
            "terms": {
                "field": "coralogix.metadata.severity"
            }
        }
    }
}' 'Elasticsearch-api/Index/_search'

A full-text match on the log text, limited to the last 15 minutes:

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "must":
            [
                {
                    "match": {
                        "text": "created"
                    }
                },
                {
                    "range": {
                        "coralogix.timestamp": {
                            "gte": "now-15m",
                            "lt": "now"
                        }
                    }
                }
            ]
        }
    }
}' 'Elasticsearch-api/Index/_search'

A query_string filter combined with an absolute start time and an explicit time zone:

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "filter": [
                {
                    "query_string": {
                        "query": "YOUR QUERY"
                    }
                },
                {
                    "range": {
                        "coralogix.timestamp": {
                            "gte": "2019-10-23T14:00:00",
                            "time_zone": "+03:00"
                        }
                    }
                }
            ]
        }
    }
}' 'Elasticsearch-api/Index/_search'

How to use scroll API:

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
	"size": 1000,
	"query": {
		"bool": {
			"filter": [{
					"query_string": {
						"query": "YOUR QUERY"
					}
				},
				{
					"range": {
						"coralogix.timestamp": {
							"gte": "now-24h",
							"lt": "now"
						}
					}
				}
			]
		}
	}
}' 'Elasticsearch-api/Index/_search?scroll=5m'

You will receive the first batch of logs along with a new field at the root of the response named _scroll_id. Pass that value as scroll_id in the following request to page through the results and fetch the next batch. Repeat the second request, each time with the _scroll_id from the latest response, until all logs have been retrieved (the response returns no more hits).

curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{
    "scroll": "5m",
    "scroll_id": "YOUR_SCROLL_ID"
}' 'Elasticsearch-api/_search/scroll'
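The search request and the scroll loop described above, as an added Python example that is not Coralogix's own code. It enforces the documented limits (scroll of at most 6m, size of at most 12000) before sending, threads each response's _scroll_id into the next request, and pins TLS to the regional CA file from the table above; the `send` callable, `make_sender`, and the base URL you pass in are assumptions of this example.

```python
# Added example, not Coralogix's own code: page through a Coralogix Elastic API
# query with the scroll API, enforcing the documented limits before sending.
import json
import ssl
import urllib.request
from typing import Callable, Iterator

MAX_SCROLL_SECONDS = 6 * 60   # URL param 'scroll' cannot be greater than 6m
MAX_SIZE = 12000              # 'size' (scroll API) / 'from' + 'size' (search API) cap

def scroll_seconds(scroll: str) -> int:
    """Parse an Elasticsearch duration such as '5m' or '90s' into seconds."""
    value, unit = int(scroll[:-1]), scroll[-1]
    if unit == "m":
        return value * 60
    if unit == "s":
        return value
    raise ValueError(f"unsupported scroll unit in {scroll!r}")

def build_search_body(query_string: str, window: str, size: int) -> dict:
    """Initial scroll request body, mirroring the page's query_string example."""
    if size > MAX_SIZE:
        raise ValueError("size cannot be greater than 12000")
    return {"size": size, "track_total_hits": True,
            "query": {"bool": {"filter": [
                {"query_string": {"query": query_string}},
                {"range": {"coralogix.timestamp": {"gte": window, "lt": "now"}}}]}}}

def scroll_all(send: Callable[[str, dict], dict], query_string: str,
               window: str = "now-24h", scroll: str = "5m", size: int = 1000) -> Iterator[dict]:
    """Yield every hit. `send(path, body)` POSTs the body and returns the parsed JSON.
    '*' is the regular index as the page describes; Log2Metrics would use '*:*_log_metrics*'."""
    if scroll_seconds(scroll) > MAX_SCROLL_SECONDS:
        raise ValueError("scroll cannot be greater than 6m")
    resp = send(f"/*/_search?scroll={scroll}", build_search_body(query_string, window, size))
    while resp["hits"]["hits"]:          # an empty batch means all logs were retrieved
        yield from resp["hits"]["hits"]
        # Thread the _scroll_id of the previous response into the next page request.
        resp = send("/_search/scroll", {"scroll": scroll, "scroll_id": resp["_scroll_id"]})

def make_sender(base_url: str, logs_query_key: str, ca_bundle: str) -> Callable[[str, dict], dict]:
    """Real transport (assumed wrapper): TLS trust limited to the regional CA file, token header set."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    def send(path: str, body: dict) -> dict:
        req = urllib.request.Request(base_url + path, data=json.dumps(body).encode(),
                                     headers={"token": logs_query_key,
                                              "Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req, context=ctx, timeout=30) as r:
            return json.load(r)
    return send
```

Use it as `hits = list(scroll_all(make_sender("https://coralogix-esapi.coralogix.com:9443", key, "Coralogix-EU.crt"), "YOUR QUERY"))`, substituting your region's endpoint and certificate.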

The Coralogix Elastic API provides the capabilities of the Elasticsearch API with the following limitations:

  • Supports only POST requests.
  • Supported top-level elements of the Search API: query, from, size, sort, _source, post_filter, aggs (or aggregations).
  • The sum of the top-level elements ‘from’ and ‘size’ cannot be greater than 12000.
  • The allow_leading_wildcard element in a query_string query is not allowed.
  • Wildcard queries can’t start with ‘*’ or ‘?’.
  • Regex queries can’t start with ‘.*’ or ‘.?’.
  • The max_determinized_states element inside regex queries is not allowed.
  • The size element for bucket aggregations cannot be greater than 1200.
  • The bucket aggregation of type significant_terms is not allowed.
  • Nesting the following bucket aggregations 3 or more times is not allowed: date_histogram, geohash_grid, histogram, ip_ranges, and terms.
  • The fuzzy_max_expansions element in a query_string query is not allowed.
  • The max_expansions element in a fuzzy query is not allowed.
  • The URL query param ‘scroll’ cannot be greater than 6m.
  • To retrieve the accurate number of hits for your query, add “track_total_hits”: true to your request.
  • If you are running ES-API requests from scripts, note that there is a limit of 160 requests per 30 seconds.

When using the Scroll API (_search/scroll):

  • Supported top-level elements of the Scroll API: size, scroll, scroll_id.
  • The scroll element cannot be greater than 6m.
  • The size element cannot be greater than 12000.

Elastic API query tutorials: 

1) Search API tutorial

2) Aggregations API tutorial