elasticsearch-query

Release 2.4.0

Run queries against Kibana's Elasticsearch that gets logs from Logstash.

Homepage PyPI Python

Keywords
logstash, kibana, elasticsearch, logging, elasticsearch-client, logs, sus, wikia
License
MIT
Install
pip install elasticsearch-query==2.4.0

Documentation

elasticsearch-query

PyPI Build Status

Run queries against Kibana's Elasticsearch that gets logs from Logstash. Forked from Wikia's kibana.py.

pip install elasticsearch-query

Basic Usage

from elasticsearch_query import ElasticsearchQuery
es_query = ElasticsearchQuery(es_host='es.prod', since=12345, period=900, index_prefix='logstash-my-app')

es_host needs to be specified with a host of Elasticsearch instance to connect.

Provide either since (absolute timestamp) or period (last N seconds):

  • since: UNIX timestamp data should be fetched since (if None, then period specifies the last n seconds).
  • period: period (in seconds) before now() to be used when since is empty (defaults to last 15 minutes).

index_prefix argument will be used to build indices names to query in. They should follow the index-name-YYYY.MM.DD naming convention, e.g. logstash-my-app-2014.08.19.

get_rows

Returns data matching the given query (provided as a dict).

es_query.get_rows(match={"tags": 'edge-cache-requestmessage'}, limit=2000)
  • match: query to be run against log messages (ex. {"@message": "Foo Bar DB queries"}).
  • limit: the number of results (defaults to 10).

query_by_string

Returns data matching the given query string (provided as a Lucene query).

es_query.query_by_string(query='@message:"^PHP Fatal"', limit=2000)
es_query.query_by_string(query='@message:"^PHP Fatal"', fields=['@message', '@es_query_host'], limit=2000)
  • query: query string to be run against log messages (ex. @message:"^PHP Fatal").
  • fields: optional list of fields to fetch
  • limit: the number of results (defaults to 10).

query_by_sql

Returns data matching the given SQL query.

This feature requires non-OSS version of Elasticsearch ("To be clear, while the X-Pack source code is now available in the public repositories, it isn’t under an Open Source license").

es_query.query_by_sql(sql='SELECT host FROM "app-requests" WHERE host = \'app2.prod\'')

count

Returns number of matching entries

es_query.count(query='@message:"^PHP Fatal"')

Integration tests

elasticsearch-query comes with integration tests suite. .travis.yml will install elasticsearch OSS version and run them.

But you can also run it locally. Simply pass ES_TEST_HOST=<elasticsearch IP> env variable when running tests (make test).

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
0
Forks
0
Watchers
0
Contributors
1
Repository size
67.4 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.4.0
2.3.0

Contributors

Maciej Brencz


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-12-02 01:10:39 UTC

Login to resync this project