Coralogix provides an Elastic API which allows you to query your hosted Elasticsearch instances securely and with ease.
To use the Elasticsearch API you must send your Coralogix token (a Logs Query Key) with each HTTP call, in a header named token, as in the curl examples below. Treat that key like any other credential: keep it out of shell history and source control, and scope it to query-only use.
|                   | .com          | .in              |
| Elasticsearch-API |               |                  |
| SSL Certificates  |               |                  |
| Cluster URL       | coralogix.com | app.coralogix.in |
How to query your Coralogix elastic API:
curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{ "query": { "bool": { "must": [ { "term": { "coralogix.metadata.applicationName": "PROD" } }, { "range": { "coralogix.timestamp": { "gte": "now-15m", "lt": "now" } } } ] } }, "aggs": { "severities": { "terms": { "field": "coralogix.metadata.severity" } } } }' 'Elasticsearch-API/*/_search'
curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{ "query": { "bool": { "must": [ { "match": { "text": "created" } }, { "range": { "coralogix.timestamp": { "gte": "now-15m", "lt": "now" } } } ] } } }' 'Elasticsearch-API/*/_search'
curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{ "query": { "bool": { "filter":[{ "query_string": { "query": "YOUR QUERY" } }, { "range": { "coralogix.timestamp": { "gte": "2019-10-23T14:00:00", "time_zone": "+03:00" } } } ] } } }' 'Elasticsearch-API/*/_search'
How to use scroll API:
curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{ "size": 1000, "query": { "bool": { "filter": [{ "query_string": { "query": "YOUR QUERY" } }, { "range": { "coralogix.timestamp": { "gte": "now-24h", "lt": "now" } } } ] } } }' 'Elasticsearch-API/*/_search?scroll=5m'
You will receive the first batch of logs along with a new field at the root of the response named _scroll_id. Pass that scroll ID in the following requests to page through the remaining batches, always using the _scroll_id from the most recent response. Repeat the second request until a response comes back with no hits, at which point all logs have been retrieved.
curl -H 'token:Logs Query Key' -H "Content-type: application/json" -d '{ "scroll": "5m", "scroll_id": "YOUR_SCROLL_ID" }' 'Elasticsearch-API/_search/scroll'
The Coralogix Elastic API provides the capabilities of the Elasticsearch API with the following limitations:
Only POST requests are supported.
Supported top-level elements of the Search API: query, from, size, sort, _source, post_filter, aggs, aggregations.
The sum of the top-level elements 'from' and 'size' cannot be greater than 12000.
The allow_leading_wildcard element in a query_string query is not allowed.
Wildcard queries cannot start with '*' or '?'.
Regex queries cannot start with '.*' or '.?'.
The max_determinized_states element inside regex queries is not allowed.
The size element of bucket aggregations cannot be greater than 1200.
The significant_terms bucket aggregation is not allowed.
Nesting the following bucket aggregations 3 or more levels deep is not allowed: date_histogram, geohash_grid, histogram, ip_range, and terms.
The fuzzy_max_expansions element in a query_string query is not allowed.
The max_expansions element in a fuzzy query is not allowed.
The 'scroll' URL query parameter cannot be greater than 6m.
To retrieve the accurate number of hits for your query, add "track_total_hits": true to your request.
If you run Elastic API requests from scripts, note that there is a limit of 160 requests per 30 seconds.
When using the Scroll API (_search/scroll):
Supported top-level elements of the Scroll API: size, scroll, scroll_id.
The scroll element cannot be greater than 6m.
The size element cannot be greater than 12000.
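The scroll procedure above, with the size, scroll keep-alive and request-rate limits from the list enforced client-side, as a small worked client. This is an added example, not Coralogix's own code: it assumes the token header and the /*/_search?scroll= and /_search/scroll endpoints shown in the curl commands, while the environment variable names CORALOGIX_ES_API and CORALOGIX_LOGS_QUERY_KEY, the fake_transport stand-in and the constructed sample hits are this example's own.

```python
"""Scroll through a Coralogix Elastic API query with the page's limits enforced.

Added example, not Coralogix's own client. The 'token' header and the two
endpoints follow the curl examples on the page; the environment variable names
and the offline fake_transport are this example's own assumptions.
"""
import json
import os
import time
import urllib.request
from collections import deque
from typing import Callable, Dict, Iterator, List

# Limits stated on the page, checked before sending so a rejected request does
# not surface halfway through a multi-page scroll.
MAX_SCROLL_SECONDS = 6 * 60          # scroll keep-alive cannot be greater than 6m
MAX_SIZE = 12000                     # size cannot be greater than 12000
RATE_LIMIT, RATE_WINDOW = 160, 30.0  # 160 requests per 30 seconds

Post = Callable[[str, Dict[str, str], Dict], Dict]


def scroll_seconds(scroll: str) -> int:
    """Parse an Elasticsearch time value such as '5m', '90s' or '1h' into seconds."""
    units = {"s": 1, "m": 60, "h": 3600}
    if len(scroll) < 2 or scroll[-1] not in units or not scroll[:-1].isdigit():
        raise ValueError(f"unsupported scroll value: {scroll!r}")
    return int(scroll[:-1]) * units[scroll[-1]]


def validate_scroll_params(size: int, scroll: str) -> None:
    """Raise ValueError for values the API rejects (size > 12000, scroll > 6m)."""
    if not 0 < size <= MAX_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_SIZE}, got {size}")
    if scroll_seconds(scroll) > MAX_SCROLL_SECONDS:
        raise ValueError(f"scroll keep-alive cannot exceed 6m, got {scroll!r}")


class RateLimiter:
    """Sliding window: at most `limit` calls per `window` seconds, sleeping otherwise."""

    def __init__(self, limit: int, window: float, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window, self.clock, self.sleep = limit, window, clock, sleep
        self.sent: deque = deque()

    def wait(self) -> None:
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()                               # outside the window
        if len(self.sent) >= self.limit:
            self.sleep(self.window - (now - self.sent[0]))    # until the oldest expires
            self.sent.popleft()
        self.sent.append(self.clock())


def time_range_query(query_string: str, gte: str = "now-24h", lt: str = "now") -> Dict:
    """The filter shape used in the curl examples: query_string plus a timestamp range."""
    return {"bool": {"filter": [
        {"query_string": {"query": query_string}},
        {"range": {"coralogix.timestamp": {"gte": gte, "lt": lt}}},
    ]}}


def http_post(url: str, headers: Dict[str, str], body: Dict) -> Dict:
    """Real transport: POST a JSON body and decode the JSON reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def scroll_all(base_url: str, token: str, query: Dict, size: int = 1000, scroll: str = "5m",
               post: Post = http_post, limiter: RateLimiter = None) -> Iterator[Dict]:
    """Yield every hit: /*/_search?scroll=... first, then /_search/scroll until a batch is empty."""
    validate_scroll_params(size, scroll)
    limiter = limiter or RateLimiter(RATE_LIMIT, RATE_WINDOW)
    headers = {"token": token, "Content-type": "application/json"}
    limiter.wait()
    resp = post(f"{base_url}/*/_search?scroll={scroll}", headers, {"size": size, "query": query})
    while True:
        hits = resp.get("hits", {}).get("hits", [])
        if not hits:
            return
        yield from hits
        limiter.wait()  # always send the most recently returned _scroll_id
        resp = post(f"{base_url}/_search/scroll", headers,
                    {"scroll": scroll, "scroll_id": resp["_scroll_id"]})


def fake_transport(pages: List[List[Dict]]) -> Post:
    """Constructed stand-in for the API (offline runs): serves `pages`, then an empty batch."""
    def post(url: str, headers: Dict[str, str], body: Dict) -> Dict:
        if "token" not in headers:
            raise PermissionError("missing token header")
        index = 0 if "scroll_id" not in body else int(body["scroll_id"].split("-")[1])
        post.calls.append((url.split("/", 3)[-1], body))
        return {"_scroll_id": f"sid-{index + 1}",
                "hits": {"hits": pages[index] if index < len(pages) else []}}
    post.calls = []
    return post


if __name__ == "__main__":
    base = os.environ.get("CORALOGIX_ES_API")
    key = os.environ.get("CORALOGIX_LOGS_QUERY_KEY")
    if base and key:  # real run: the key comes from the environment, not the command line
        n = sum(1 for _ in scroll_all(base, key, time_range_query("status:500")))
    else:             # offline demo over constructed pages
        demo = fake_transport([[{"_id": "a"}, {"_id": "b"}], [{"_id": "c"}]])
        n = sum(1 for _ in scroll_all("https://es-api.example", "k", time_range_query("*"),
                                      size=2, post=demo))
    print(f"retrieved {n} hits")
```

The key is read from the environment rather than pasted into the command so it does not land in shell history or process listings, the limiter keeps a busy script under the 160-requests-per-30-seconds ceiling instead of discovering it through rejected calls, and the loop stops on the first empty batch, which is how the scroll procedure above signals that every log has been retrieved.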
Elastic API query tutorials: