Elasticsearch - How to Display Query Results in a Kibana Console
Introduction
The Console plugin for Elasticsearch includes a UI to interact with Elasticsearch’s REST API. Console has two main areas: the editor pane and the response pane. You compose requests to Elasticsearch in the editor pane, and the response pane displays Elasticsearch’s responses. This tutorial shows how to display query results in the Kibana console.
Prerequisites
- Elastic Stack must be installed and running on your machine or server.
- Kibana runs on port 5601 by default. Assuming you haven’t changed this value in the kibana.yml configuration file, you can open the Kibana UI by navigating to https://{YOUR_DOMAIN}:5601 or localhost:5601 in a browser tab.
- If localhost:5601 refuses to connect, try changing the port in kibana.yml. Restart the Kibana service and navigate to the new port to access the Kibana UI.
The Kibana Console UI
Click on Dev Tools in the left menu panel to access Kibana’s console.
The left pane in the console is the request pane, and the right pane is the response pane.
- Click the green arrow at the end of the command line to execute a request.
Methods
- The console allows you to make queries with the PUT method and requests with the GET method.
PUT Method
- Create a new index with a custom field type by using PUT and the “mappings” field in the console as follows:
```
PUT pets
{
  "mappings": {
    "_doc": {
      "properties": {
        "type": { "type": "text" },
        "age": { "type": "integer" },
        "breed": { "type": "text" },
        "name": { "type": "text" },
        "color": { "type": "text" }
      }
    }
  }
}
```
Add documents to the index as follows. With an explicit document ID, either PUT or POST works; the requests below use POST:
```
# POST this document about dogs with an ID of 1 as follows:
POST pets/_doc/1
{
  "age": 4,
  "breed": "Shih Tzu",
  "color": "white",
  "name": "Charlie",
  "type": "dog"
}

# POST this document about cats with an ID of 2 as follows:
POST pets/_doc/2
{
  "age": 6,
  "breed": "Maine Coon",
  "color": "cream",
  "name": "Ming Ming",
  "type": "cat"
}
```
- The “result” field of the returned JSON object should have a value of "created" if the document is new. The result should be “updated” if the document already exists.
NOTE: If the console returns an error like
```
[FORBIDDEN/12/index read-only / allow delete (api)]
```
it means Elasticsearch has detected that you’re running low on disk space. You need to free up disk space, or disable the read-only setting for your index by resetting index.blocks.read_only_allow_delete as follows (the _all target applies the change to every index on the cluster):
```
curl -XPUT -H "Content-Type: application/json" https://{YOUR_DOMAIN}:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'
```
or, against a local node:
```
curl -XPUT -H "Content-Type: application/json" localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'
```
GET Method
- The GET command returns information about your data. The following command retrieves information on the index called “pets”.
```
GET pets
```
- The result should appear as follows:
Querying Data
- This section discusses some of the Kibana search APIs and provides corresponding examples.
Note: These examples use the “q” parameter, which executes the query via the URI.
URI Queries
- Return all Porsche documents from “warehouse1” with this command:
```
GET /car/_search?q=location:warehouse1
```
- Return all Porsche documents from “warehouse1” or "store23" with this command:
```
GET /car/_search?q=location:(warehouse1 OR store23)
```
- Return all Porsche documents from stores with more than 20 units with this command:
```
GET /car/_search?q=unitquantity:>20
```
- Return all Porsche documents from stores with a quantity between 10 and 20 units with this command:
```
GET /car/_search?q=unitquantity:(>=10 AND <=20)
```
Bool Query
- QueryDSL is preferable since it’s more robust than URI.
A leaf query looks for a value in a specified field. Leaf queries include the match, term and range queries. Compound queries wrap other leaf or compound queries to combine them in a logical fashion (such as the bool or dis_max queries). Compound queries like the constant_score query also alter the behavior of their component queries.
Query context and filter context change the behavior of a query clause depending on its purpose.
In query context, a clause helps determine how closely documents match by using a scoring system.
In filter context, a clause does not use a score but a simple boolean of whether the document matches or not.
The following search request uses query clauses to match indexed documents. This query will match only documents where all of the conditions are satisfied:
- The breed must be “shih tzu”, although this parameter isn’t case sensitive.
- The value for “breed” can’t be empty.
The request below implements the above conditions:
```
GET /pets/_doc/_search
{
  "query": {
    "bool": {
      "must": { "match": { "breed": "shih tzu" }},
      "must_not": { "match": { "breed": "" }},
      "should": [
        { "match": { "color": "brown" }},
        { "match": { "age": 3 }}
      ]
    }
  }
}
```
NOTE: Both POST and GET are valid for these queries.
This code shows the following:
- Defines a query.
- The query uses a boolean clause with “must” and “must_not” matches that will create a score for each document.
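The query-context and filter-context behavior described above, modelled on the tutorial's own bool query, as an added example that is not part of the original tutorial and is not Elasticsearch code. It assumes a simplified score of 1.0 per matching scoring clause (Elasticsearch computes BM25 relevance), and document 3 ("Biscuit") is constructed for illustration.

```python
# Simplified in-memory model of a bool query (added example, not Elasticsearch code).
# Assumption: each matching clause in query context adds 1.0 to the score;
# real Elasticsearch computes BM25 relevance instead.
DOCS = {  # documents 1 and 2 come from the tutorial; document 3 is constructed
    "1": {"age": 4, "breed": "Shih Tzu", "color": "white", "name": "Charlie", "type": "dog"},
    "2": {"age": 6, "breed": "Maine Coon", "color": "cream", "name": "Ming Ming", "type": "cat"},
    "3": {"age": 3, "breed": "Shih Tzu", "color": "brown", "name": "Biscuit", "type": "dog"},
}

def tokens(value):
    """Lowercase and split on whitespace, roughly like the standard analyzer."""
    return str(value).lower().split()

def match(doc, clause):
    """A match clause hits when any query token occurs in the field.
    An empty query string yields no tokens and therefore matches nothing."""
    (field, text), = clause["match"].items()
    return any(t in tokens(doc.get(field, "")) for t in tokens(text))

def as_list(x):
    return x if isinstance(x, list) else [x]

def search(bool_query, docs=DOCS):
    """Return {doc_id: score} for the documents matching the bool query."""
    hits = {}
    for doc_id, doc in docs.items():
        must = as_list(bool_query.get("must", []))
        filt = as_list(bool_query.get("filter", []))
        must_not = as_list(bool_query.get("must_not", []))
        should = as_list(bool_query.get("should", []))
        # must and filter both decide membership; must_not excludes.
        if not all(match(doc, c) for c in must + filt):
            continue
        if any(match(doc, c) for c in must_not):
            continue
        matched_should = [c for c in should if match(doc, c)]
        # With no must/filter clause, at least one should clause has to match.
        if not (must or filt) and should and not matched_should:
            continue
        # Only query-context clauses (must, should) score; filter adds nothing.
        hits[doc_id] = float(len(must) + len(matched_should))
    return hits

PAGE_QUERY = {
    "must": {"match": {"breed": "shih tzu"}},
    "must_not": {"match": {"breed": ""}},
    "should": [{"match": {"color": "brown"}}, {"match": {"age": 3}}],
}
# Same conditions, with the breed clause moved from query context to filter context.
FILTERED = {("filter" if k == "must" else k): v for k, v in PAGE_QUERY.items()}
```

Calling `search(PAGE_QUERY)` and `search(FILTERED)` returns the same documents with different scores: the "should" clauses only raise the score of documents that already match, and the clause moved to "filter" stops contributing to the score.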
Range Query
- A range query selects documents that lie within a certain range of values. This example shows how to find pets between the ages of 3 and 6 and returns two results:
```
GET /pets/_doc/_search
{
  "query": {
    "range": {
      "age": {
        "gte": 3,
        "lte": 6
      }
    }
  },
  "_source": ["age"]
}
```
- Sadly, dogs and cats don’t live to be 30 years of age, so the console returns 0 “hits” when you change the parameters to find pets between 30 and 60 years of age.
Conclusion
This tutorial showed how to display query results in the Kibana console using the PUT and GET methods. It also discussed the use of the query and filter contexts to refine search results. Additional topics in this tutorial included the bool and match clauses.