pteich / elastic-query-export

🚚 Export Data from ElasticSearch to CSV/JSON using a Lucene Query (e.g. from Kibana) or a raw JSON Query string
MIT License
89 stars 18 forks

sample with raw query #11

Open starlessboi opened 2 years ago

starlessboi commented 2 years ago

Hi, thanks for your amazing job. I have a use case that needs to export data with a given raw query like this:

```json
{
  "query": {
    "query_string": {
      "query": "source : x.x.x.x "
    }
  },
  "fields": [ "@timestamp", "source.address", "user.id" ],
  "_source": false
}
```

How can I do this? Can you give a sample? Thanks in advance.

ggsongnail commented 2 years ago

You can try it like this:

```
elastic-query-export -r '{\"bool\":{\"must\":[],\"filter\":[{\"bool\":{\"should\":[{\"match_phrase\":{\"message\":\"屈臣氏\"}}],\"minimum_should_match\":1}}],\"should\":[],\"must_not\":[]}}'
```