OpenSearch
Links
Some example search requests against the `syslog-*` indices (Dev Tools console format: request line followed by the JSON body)
GET syslog-*/_search
{
"size": 100,
"query": {
"bool": {
"must": {
"match": {
"message": {"query": "canb"}
}
},
"filter": [
{"terms": {"host": ["10.4.0.4","10.4.0.2"]}},
{"range": {"@timestamp": {"gte": "now-950m/m"}}}
]
}
},
"sort": [
{
"@timestamp": {
"order": "asc"
}
}
]
}
GET syslog-*/_search
{
"size": 100,
"query": {
"bool": {
"must": {
"simple_query_string": {
"query": "ssh* | slot*",
"fields": ["message"],
"flags": "ALL"
}
},
"filter": [
{"terms": {"host": ["10.4.0.4","10.4.0.2"]}},
{"range": {"@timestamp": {"gte": "now-950m/m"}}}
]
}
},
"sort": [
{
"@timestamp": {
"order": "asc"
}
}
]
}
GET syslog-*/_search
{
"size": 10000,
"query": {
"bool": {
"must": {
"terms": {"host": ["10.4.0.3","10.4.0.2"]}
},
"filter": [
{"terms": {"message": ["alex","cworks"]}},
{"range": {"@timestamp": {"gte": "now-1620m/m"}}}
]
}
}
}
GET syslog-*/_search
{
"size": 10000,
"query": {
"bool": {
"must": {
"terms": {"message": ["alex", "cworks"]}
},
"filter": [
{"terms": {"host": ["10.4.0.3","10.4.0.2"]}},
{"range": {"@timestamp": {"gte": "now-1620m/m"}}}
]
}
}
}
GET syslog-*/_search
{
"size": 20,
"query": {
"bool": {
"must": [
{ "match": { "host": "10.4.0.3" }}
],
"filter": [
{ "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d"}}}
]
}
}
}
GET syslog-*/_search
{
"size": 1000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d"}}}
]
}
}
}
GET syslog-*/_search
{
"size": 1000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d"}}},
{"terms": { "host": [ "10.4.0.3", "10.4.0.2", "10.4.0.5", "10.4.0.6", "10.4.0.8" ]}}
]
}
}
}
GET syslog-*/_search
{
"size": 2000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-10m/m", "lte": "now/m"}}},
{ "terms": { "host": [ "10.4.0.3", "10.4.0.2", "10.4.0.5", "10.4.0.6", "10.4.0.8" ]}}
]
}
}
}
GET syslog-*/_search
{
"size": 2000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-300m/m", "lte": "now/m"}}},
{ "terms": { "host": [ "10.4.0.3" ]}}
]
}
},
"fields": [
"host",
"message",
"@timestamp"
],
"_source": false
}
Date format options for the `@timestamp` field (used in the `fields` parameter of the next examples): https://opensearch.org/docs/2.0/opensearch/supported-field-types/date/
GET syslog-*/_search
{
"size": 2000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-300m/m", "lte": "now/m"}}},
{ "terms": { "host": [ "10.4.0.3" ]}}
]
}
},
"fields": [
"host",
"message",
{
"field": "@timestamp",
"format": "dd.MM.yyyy"
}
],
"_source": false
}
GET syslog-*/_search
{
"size": 2000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-300m/m", "lte": "now/m"}}},
{ "terms": { "host": [ "10.4.0.3" ]}}
]
}
},
"fields": [
"host",
"message",
{
"field": "@timestamp",
"format": "dd.MM.yyyy-HH:mm:ss"
}
],
"_source": false
}
===================================================
GET syslog-*/_search
{
"size": 1000,
"query": {
"bool": {
"must": {
"match_all": {}
}
}
}
}
GET syslog-*/_search
{
"size": 1000,
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": [
{ "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d"}}}
]
}
}
}
GET syslog-*/_search
{
"size": 1000,
"query": {
"bool": {
"match_all": {},
"filter": [
{ "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d"}}}
]
}
}
}
GET syslog-2023.06.01/_search
{
"size": 50,
"query": {
"term": {
"host": {
"value": "10.4.0.3"
}
}
}
}
GET /.kibana_1/_search
{
"_index": "syslog-2023.06.01",
"_source": {
"host": "10.4.0.3",
},
"fields": {
"@timestamp": [
"2023-06-01T06:48:00.000Z"
]
},
}
GET .kibana_1/_search
{
"query": {
"term": {
"host": {
"value": "10.4.0.3"
}
}
}
}
GET /.kibana_1/_search
{
"size": 50,
"query": {
"multi_match": {
"query": "syslog-*",
"fields": ["@timestamp", "host"]
}
}
}
GET .kibana_1/_search
{
"size": 10,
"query": {
"match": {
"host": "10.4.0.3"
}
},
}
GET _search
{
"query": {
"match_all": {}
}
}