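├── .gitignore
├── README.md
├── queryes.py
└── requirements.txt

/.gitignore:
--------------------------------------------------------------------------------
env

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
es-query-simple
===============

A tiny command line utility to query elasticsearch. "Because `curl` isn't a cli."

Installation
-------

```
git clone (this repo)
pip install -r requirements.txt
./queryes.py
```

Usage
-------

```
usage: ./queryes.py -h [es_host:port]

options:
-h [host:port]   host and port. defaults to localhost:9200
-c [count]       number of results to return
-i [index]       query a specific index
-j,--json        output json instead of lines
--help           print this.
-l               list all indexes on host
```

Examples
--------

Get 100 apache events from the logstash-2020.04.11 index

`./queryes.py -h "mybigserver:9200" -i "logstash-2020.4.11" -c 100 "type:apache AND clientip:4.2.2.1"`

Same, but print json instead

`./queryes.py -h "mybigserver:9200" -i "logstash-2020.4.11" -c 100 --json "type:apache AND clientip:4.2.2.1"`

Return a list of all indexes in a cluster

`./queryes.py -h "mybigserver:9200" -l`

--------------------------------------------------------------------------------
/queryes.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
"""es-query-simple: query an Elasticsearch host from the command line.

The query text is handed to Elasticsearch unchanged as the ``q=`` URL
parameter (Lucene ``query_string`` syntax), so it is interpreted by the
server, not by this script.  The client is built from a bare ``host:port``
string: no credentials, TLS or certificate settings are configured here,
so the transport is whatever ``Elasticsearch([host])`` defaults to.
"""
from __future__ import print_function

from elasticsearch import Elasticsearch
import getopt
import json
import sys


def query_es(host, query, index, count, json_output):
    """Run *query* against *index* on *host* and print the hits.

    Args:
        host: ``host:port`` string passed straight to ``Elasticsearch``.
        query: Lucene query string.  An empty string / ``None`` sends no
            ``q=`` parameter, so Elasticsearch applies its default (match all).
        index: index name or pattern; ``"_all"`` searches every index.
        count: maximum number of hits to request (``size``).
        json_output: when true, dump the whole search response as one JSON
            document instead of one line per hit.
    """
    es = Elasticsearch([host])
    params = {"size": count, "index": index}
    if query:
        # Only send q= when there is something to send; an empty query_string
        # is not meaningful and used to be forwarded as-is.
        params["q"] = query
    data = es.search(**params)

    if json_output:
        print(json.dumps(data))
        return

    for item in data["hits"]["hits"]:
        source = item.get("_source", {})
        # Field order is the document's own key order, as in the original.
        # NOTE(review): str(v) on non-ASCII unicode values raises under
        # Python 2; left unchanged because output encoding is the caller's
        # terminal/pipe setting and the fix depends on it.
        values = " ".join(str(v) for v in source.values())
        # Documents without @timestamp (non-logstash indexes) used to raise
        # KeyError; print an empty column instead so the rest still shows.
        print("{} {} {}".format(source.get("@timestamp", ""),
                                item.get("_type", ""), values))


def get_index_list(host):
    """Print one index name per line for every index known to *host*.

    Names are sorted so the listing is stable between runs.
    """
    es = Elasticsearch([host])
    print("\n".join(sorted(es.indices.get_aliases().keys())))


def usage():
    """Print the command line help to stdout."""
    print("""Es-query-simple by Ryan Huber
usage: {name} -h [es_host:port]

options:
-h [host:port]   host and port. defaults to localhost:9200
-c [count]       number of results to return
-i [index]       query a specific index
-j,--json        output json instead of lines
--help           print this.
-l               list all indexes on host

""".format(name=sys.argv[0]))


def main(argv):
    """Parse *argv* (the arguments without the program name) and dispatch.

    Exits with status 2 on a bad option or a non-integer ``-c`` value, 1
    after printing ``--help``, and 0 after ``-l``.
    """
    try:
        opts, args = getopt.getopt(
            argv, "c:ji:h:l",
            ["count=", "json", "index=", "host=", "list", "help"])
    except getopt.GetoptError as err:
        print(err, file=sys.stderr)
        usage()
        sys.exit(2)

    host = "localhost:9200"
    index = "_all"
    count = 10
    json_output = False
    list_indexes = False

    for o, a in opts:
        if o == "--help":
            usage()
            sys.exit(1)
        elif o in ("-h", "--host"):
            host = a
        elif o in ("-c", "--count"):
            # Validate locally: the old code forwarded the raw string as
            # size=, leaving Elasticsearch to reject e.g. "-c abc".
            try:
                count = int(a)
            except ValueError:
                print("-c/--count expects an integer, got {!r}".format(a),
                      file=sys.stderr)
                sys.exit(2)
        elif o in ("-j", "--json"):
            json_output = True
        elif o in ("-i", "--index"):
            index = a
        elif o in ("-l", "--list"):
            # Long form was mistakenly spelled "--index" here, which made
            # --index list indexes and --list unrecognised.
            list_indexes = True

    # Listing is deferred until all options are parsed so that
    # "-l -h server" uses the given host instead of the default.
    if list_indexes:
        get_index_list(host)
        sys.exit(0)

    # getopt returns the remaining words as a list; the old code passed the
    # list itself as q=.  Join so both a single quoted argument and several
    # bare words form one query string.
    query_es(host, " ".join(args), index, count, json_output)


if __name__ == "__main__":
    main(sys.argv[1:])

--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
# NOTE(review): both pins are several major versions old; check them against
# current security advisories and the target cluster version before deploying.
elasticsearch==1.4.0
urllib3==1.10.4
--------------------------------------------------------------------------------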