From 72b9fa400e82fd35ed2d1b7de967ac6e4c660a43 Mon Sep 17 00:00:00 2001 From: inggilove <30827218+inggilove@users.noreply.github.com> Date: Mon, 24 Aug 2020 08:15:30 +0900 Subject: [PATCH 1/3] update query for Elasticsearch 7.x With Elasticsearch 7.x or Open Distro for Elasticsearch 1.x, Invalid query parameter is updated --- src/pages/kb/data-sources/elasticsearch.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/pages/kb/data-sources/elasticsearch.md b/src/pages/kb/data-sources/elasticsearch.md index 5f8681678..c72409180 100644 --- a/src/pages/kb/data-sources/elasticsearch.md +++ b/src/pages/kb/data-sources/elasticsearch.md @@ -22,11 +22,12 @@ source of type `Elasticsearch`. { "index": "twitter", "query": "user:kimchy", - "fields": ["@timestamp", "tweet", "user"], - "limit": 15, - "sort": "@timestamp:asc" + "_source": ["@timestamp", "tweet", "user"], + "size": 15, + "sort": {"@timestamp:asc"} } ``` + - In Elasticsearch of 6.x or lower, "_source" parameter should be "field" and "size" be "limit". ## Simple query on a logstash Elasticsearch instance: @@ -42,9 +43,9 @@ source of type `Elasticsearch`. { "index": "logstash-2015.04.*", "query": "type:events AND eventName:UserUpgrade AND channel:selfserve", - "fields": ["@timestamp", "userId", "channel", "utm_source", "utm_medium", "utm_campaign", "utm_content"], - "limit": 250, - "sort": "@timestamp:asc" + "_source": ["@timestamp", "userId", "channel", "utm_source", "utm_medium", "utm_campaign", "utm_content"], + "size": 250, + "sort": {"@timestamp:asc"} } ``` 
@@ -64,12 +65,12 @@ source of type `Elasticsearch`. "user": "kimchy" } }, - "fields": ["@timestamp", "tweet", "user"], - "limit": 15, - "sort": "@timestamp:asc" + "_source": ["@timestamp", "tweet", "user"], + "size": 15, + "sort": {"@timestamp:asc"} } ``` ## A note on authentication -Redash has two data sources available for Elasticsearch. You need to use the Amazon Elasticsearch service source if you're using IAM based authentication. Otherwise, use the standard data source. \ No newline at end of file +Redash has two data sources available for Elasticsearch. You need to use the Amazon Elasticsearch service source if you're using IAM based authentication. Otherwise, use the standard data source. From 79bb2a4ce2960413d7d60eb131018bfc2eac5c53 Mon Sep 17 00:00:00 2001 From: Jesse Date: Mon, 24 Aug 2020 15:24:23 -0500 Subject: [PATCH 2/3] Revises wording --- src/pages/kb/data-sources/elasticsearch.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/kb/data-sources/elasticsearch.md b/src/pages/kb/data-sources/elasticsearch.md index c72409180..489fb77de 100644 --- a/src/pages/kb/data-sources/elasticsearch.md +++ b/src/pages/kb/data-sources/elasticsearch.md @@ -27,7 +27,7 @@ source of type `Elasticsearch`. "sort": {"@timestamp:asc"} } ``` - - In Elasticsearch of 6.x or lower, "_source" parameter should be "field" and "size" be "limit". + - In Elasticsearch 6.x or lower, `_source` should be `field` and `size` should be `limit`. ## Simple query on a logstash Elasticsearch instance: From b81f0204beb807fe793aa9a2b60ce87dcd66777a Mon Sep 17 00:00:00 2001 From: "Restyled.io" Date: Mon, 24 Aug 2020 20:24:32 +0000 Subject: [PATCH 3/3] Restyled by prettier-markdown --- src/pages/kb/data-sources/elasticsearch.md | 56 ++++++++++++---------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/src/pages/kb/data-sources/elasticsearch.md b/src/pages/kb/data-sources/elasticsearch.md index 489fb77de..b667f75ec 100644 
--- a/src/pages/kb/data-sources/elasticsearch.md +++ b/src/pages/kb/data-sources/elasticsearch.md @@ -4,19 +4,19 @@ parent_category: data-sources title: Elasticsearch slug: elasticsearch --- + Redash supports two flavors of Elasticsearch queries, Lucene/string style queries (like Kibana) and the more elaborate JSON based queries. For the first -one create a data source of type `Kibana` and for the later create data -source of type `Elasticsearch`. +one create a data source of type `Kibana` and for the later create data source +of type `Elasticsearch`. ## String query example: -* Query the index named “twitter” -* Filter by “user:kimchy” -* Return the fields: “@timestamp”, “tweet” and “user” -* Return up to 15 results -* Sort by @timestamp ascending - +- Query the index named “twitter” +- Filter by “user:kimchy” +- Return the fields: “@timestamp”, “tweet” and “user” +- Return up to 15 results +- Sort by @timestamp ascending ```json { 
@@ -27,19 +27,21 @@ source of type `Elasticsearch`. "sort": {"@timestamp:asc"} } ``` - - In Elasticsearch 6.x or lower, `_source` should be `field` and `size` should be `limit`. - + +- In Elasticsearch 6.x or lower, `_source` should be `field` and `size` should + be `limit`. ## Simple query on a logstash Elasticsearch instance: - * Query the index named “logstash-2015.04.* (in this case its all of April 2015) - * Filter by type:events AND eventName:UserUpgrade AND channel:selfserve - * Return fields: “@timestamp”, “userId”, “channel”, “utm_source”, “utm_medium”, “utm_campaign”, “utm_content” - * Return up to 250 results - * Sort by @timestamp ascending +- Query the index named “logstash-2015.04.\* (in this case its all of + April 2015) +- Filter by type:events AND eventName:UserUpgrade AND channel:selfserve +- Return fields: “@timestamp”, “userId”, “channel”, “utm_source”, “utm_medium”, + “utm_campaign”, “utm_content” +- Return up to 250 results +- Sort by @timestamp ascending - -```json +```json { "index": "logstash-2015.04.*", "query": "type:events AND eventName:UserUpgrade AND channel:selfserve", @@ -51,13 +53,13 @@ source of type `Elasticsearch`. ## JSON document query on a ElasticSearch instance: - * Query the index named “twitter” - * Filter by user equal “kimchy” - * Return the fields: “@timestamp”, “tweet” and “user” - * Return up to 15 results - * Sort by @timestamp ascending - -```json +- Query the index named “twitter” +- Filter by user equal “kimchy” +- Return the fields: “@timestamp”, “tweet” and “user” +- Return up to 15 results +- Sort by @timestamp ascending + +```json { "index": "twitter", "query": { 
@@ -70,7 +72,9 @@ source of type `Elasticsearch`. "sort": {"@timestamp:asc"} } ``` - + ## A note on authentication -Redash has two data sources available for Elasticsearch. You need to use the Amazon Elasticsearch service source if you're using IAM based authentication. Otherwise, use the standard data source. +Redash has two data sources available for Elasticsearch. You need to use the +Amazon Elasticsearch service source if you're using IAM based authentication. +Otherwise, use the standard data source.
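Review bot: In the first hunk of PATCH 1/3 (`@@ -22,11 +22,12 @@`), the new line `"sort": {"@timestamp:asc"}` is not valid JSON: a `{` opens an object, which requires `key: value` pairs, so the example will fail to parse before it ever reaches Elasticsearch. Either keep the string form that was removed (`"sort": "@timestamp:asc"`) or use a proper object, e.g. `"sort": {"@timestamp": "asc"}`. The added note also states that `_source` replaces `field`, but the removed line shows the old key was `fields` (plural); the note should say `fields` so readers of 6.x docs can find it.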
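Review bot: The second hunk of PATCH 1/3 (`@@ -42,9 +43,9 @@`) introduces the same unparseable `"sort": {"@timestamp:asc"}` literal in the logstash example; it needs the same fix as the first hunk (string form or `{"@timestamp": "asc"}`), otherwise the documented query cannot be pasted into Redash as-is.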
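Review bot: The third hunk of PATCH 1/3 (`@@ -64,12 +65,12 @@`) repeats the invalid `"sort": {"@timestamp:asc"}` value in the JSON document query example; please apply the same correction there. Restoring the trailing newline on the last line of the file is fine and removes the `\ No newline at end of file` marker.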
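Review bot: PATCH 2/3 (`@@ -27,7 +27,7 @@`) tidies the wording but carries over the wrong key name: it still reads `_source` should be `field`, while the keys removed in PATCH 1/3 were `fields`. Suggest `- In Elasticsearch 6.x or lower, \`_source\` should be \`fields\` and \`size\` should be \`limit\`.` It would also help to state in the page body which versions the new `_source`/`size` keys target; the commit message says Elasticsearch 7.x and Open Distro for Elasticsearch 1.x, but the document itself only mentions 6.x or lower.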
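Review bot: In the first hunk of PATCH 3/3 (`@@ -4,19 +4,19 @@`), the reflowed sentence keeps the typo `for the later create data source`; since the line is being rewritten anyway, change `later` to `latter`. The list-marker change from `*` to `-` is purely stylistic and consistent with the rest of the restyle.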
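Review bot: In the second hunk of PATCH 3/3 (`@@ -27,19 +27,21 @@`), the rewrapped bullet `Query the index named “logstash-2015.04.\* (in this case its all of April 2015)` still has an unbalanced opening quote and `its` should be `it's`; suggest `Query the index named “logstash-2015.04.\*” (in this case it's all of April 2015)`. The `\*` escape added by prettier is correct markdown for a literal asterisk and needs no change.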
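Review bot: In the third hunk of PATCH 3/3 (`@@ -51,13 +53,13 @@`), the heading in the context line reads `JSON document query on a ElasticSearch instance`; while touching this section, consider `an Elasticsearch instance` to match the product name used elsewhere on the page.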