Elastic API

Coralogix provides an Elastic API which allows you to query your hosted Elasticsearch instances securely and with ease. 

To use the Elasticsearch API you must send your Coralogix token (your company private key) as a token header with each HTTP call.

How to query the Coralogix Elastic API:

curl -H 'token:YOUR COMPANY PRIVATE KEY' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "must":
            [
                {
                    "term": {
                        "coralogix.metadata.applicationName": "PROD"
                    }
                },
                {
                    "range": {
                        "coralogix.timestamp": {
                            "gte": "now-15m",
                            "lt": "now"
                        }
                    }
                }
            ]
        }
    },
    "aggs": {
        "severities": {
            "terms": {
                "field": "coralogix.metadata.severity"
            }
        }
    }
}' 'https://coralogix-esapi.coralogix.com:9443/*/_search'

curl -H 'token:YOUR COMPANY PRIVATE KEY' -H "Content-type: application/json" -d '{
    "query": {
        "bool": {
            "must":
            [
                {
                    "match": {
                        "text": "created"
                    }
                },
                {
                    "range": {
                        "coralogix.timestamp": {
                            "gte": "2018-10-23T14:00:00",
                            "time_zone": "+03:00"
                        }
                    }
                }
            ]
        }
    }
}' 'https://coralogix-esapi.coralogix.com:9443/*/_search'

The Coralogix Elastic API provides the capabilities of the Elasticsearch API with the following limitations:

  • Supported top-level elements of the Search API: query, from, size, sort, _source, post_filter, aggs/aggregations.
  • The sum of the top-level elements 'from' and 'size' cannot be greater than 12000.
  • The allow_leading_wildcard element in a query_string query is not allowed.
  • Wildcard queries cannot start with '*' or '?'.
  • Regex queries cannot start with '.*' or '.?'.
  • The max_determinized_states element inside regexp queries is not allowed.
  • The size element for bucket aggregations cannot be greater than 1200.
  • The bucket aggregation of type significant_terms is not allowed.
  • Nesting the following bucket aggregations 3 or more times is not allowed: date_histogram, geohash_grid, histogram, ip_ranges, and terms.
  • The fuzzy_max_expansions element in a query_string query is not allowed.
  • The max_expansions element in a fuzzy query is not allowed.
  • When specifying the URL query parameter 'scroll', it cannot be greater than 6m.

When using the Scroll API (_search/scroll):

  • Supported top-level elements of the Scroll API: size, scroll, scroll_id.
  • The scroll element cannot be greater than 6m.
  • The size element cannot be greater than 12000.
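As an added example (not Coralogix's own code), the following Python script builds the first curl query shown above, checks it client-side against the limits listed on this page before sending anything, and then posts it with the token header to the endpoint from the page. Reading the private key from an environment variable (CORALOGIX_PRIVATE_KEY is an assumed name) keeps it out of the command line, process listings and shell history, where the curl form above would leave it. The default size of 10, the s/m/h scroll units and the two wildcard/regexp clause shapes are Elasticsearch conventions assumed here, not stated on the page.

```python
"""Added example: validate a query against the documented Coralogix Elastic API
limits, then send it with the token header.  Not Coralogix's code."""
import json
import os
import re
import urllib.request

ES_API_URL = "https://coralogix-esapi.coralogix.com:9443/*/_search"  # from the page

# Limits as documented on the page.
MAX_FROM_PLUS_SIZE = 12000
MAX_BUCKET_SIZE = 1200
MAX_SCROLL_SECONDS = 6 * 60
ALLOWED_TOP_LEVEL = {"query", "from", "size", "sort", "_source",
                     "post_filter", "aggs", "aggregations"}
FORBIDDEN_KEYS = {"allow_leading_wildcard", "max_determinized_states",
                  "fuzzy_max_expansions", "max_expansions", "significant_terms"}
NESTABLE_BUCKET_AGGS = {"date_histogram", "geohash_grid", "histogram",
                        "ip_ranges", "terms"}

# The page's first query: PROD logs from the last 15 minutes, bucketed by severity.
PAGE_QUERY = {
    "query": {"bool": {"must": [
        {"term": {"coralogix.metadata.applicationName": "PROD"}},
        {"range": {"coralogix.timestamp": {"gte": "now-15m", "lt": "now"}}},
    ]}},
    "aggs": {"severities": {"terms": {"field": "coralogix.metadata.severity"}}},
}


def parse_scroll(value):
    """Scroll keep-alive in seconds; accepts Ns/Nm/Nh (assumed unit set)."""
    m = re.fullmatch(r"(\d+)([smh])", value)
    if not m:
        raise ValueError(f"unsupported scroll value {value!r}")
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600}[m.group(2)]


def _leaf_patterns(clause):
    """Pattern strings of a wildcard/regexp clause in either ES form:
    {"field": "pattern"} or {"field": {"value": "pattern"}}."""
    for spec in clause.values():
        if isinstance(spec, str):
            yield spec
        elif isinstance(spec, dict) and isinstance(spec.get("value"), str):
            yield spec["value"]


def _walk(node, problems, in_aggs, bucket_depth):
    """Recursively collect violations; bucket_depth counts nested bucket aggs."""
    if isinstance(node, list):
        for item in node:
            _walk(item, problems, in_aggs, bucket_depth)
        return
    if not isinstance(node, dict):
        return
    # Only count terms/histogram/... as aggregations inside an aggs subtree,
    # otherwise a plain terms *query* would be mistaken for a bucket agg.
    here = (NESTABLE_BUCKET_AGGS & set(node)) if in_aggs else set()
    depth = bucket_depth + 1 if here else bucket_depth
    if here and depth >= 3:
        problems.append(f"{sorted(here)[0]} aggregation nested {depth} times")
    for key, value in node.items():
        if key in FORBIDDEN_KEYS:
            problems.append(f"'{key}' is not allowed")
        elif in_aggs and key in NESTABLE_BUCKET_AGGS and isinstance(value, dict):
            size = value.get("size")
            if isinstance(size, int) and size > MAX_BUCKET_SIZE:
                problems.append(f"bucket aggregation size {size} exceeds 1200")
        elif key == "wildcard" and isinstance(value, dict):
            for pat in _leaf_patterns(value):
                if pat[:1] in ("*", "?"):
                    problems.append(f"wildcard {pat!r} starts with * or ?")
        elif key == "regexp" and isinstance(value, dict):
            for pat in _leaf_patterns(value):
                if pat.startswith((".*", ".?")):
                    problems.append(f"regexp {pat!r} starts with .* or .?")
        _walk(value, problems, in_aggs or key in ("aggs", "aggregations"), depth)


def validate_query(body, scroll=None):
    """Return the list of documented limits the request violates (empty = OK)."""
    problems = []
    unknown = set(body) - ALLOWED_TOP_LEVEL
    if unknown:
        problems.append(f"unsupported top-level elements: {sorted(unknown)}")
    if body.get("from", 0) + body.get("size", 10) > MAX_FROM_PLUS_SIZE:  # ES default size 10
        problems.append("from + size exceeds 12000")
    if scroll is not None and parse_scroll(scroll) > MAX_SCROLL_SECONDS:
        problems.append("scroll exceeds 6m")
    _walk(body, problems, in_aggs=False, bucket_depth=0)
    return problems


def search(body, token, scroll=None, url=ES_API_URL):
    """POST the query with the token header; refuse to send a body that breaks the limits."""
    problems = validate_query(body, scroll)
    if problems:
        raise ValueError("; ".join(problems))
    target = url + (f"?scroll={scroll}" if scroll else "")
    req = urllib.request.Request(
        target, data=json.dumps(body).encode(), method="POST",
        headers={"token": token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    key = os.environ["CORALOGIX_PRIVATE_KEY"]  # assumed variable name; never pass the key in argv
    print(json.dumps(search(PAGE_QUERY, key), indent=2))
```

Rejecting an over-limit request locally is cheaper than a round trip that the API will refuse anyway, and the validator doubles as a guard in automation that builds queries from user-supplied filters.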

Elastic API query tutorials: 

1) Search API tutorial

2) Aggregations API tutorial 
