We have an Elasticsearch cluster with thousands of applications. We would like to read logs from the Elasticsearch cluster through a Python script.
Use cases:
We would like to get this kind of detail from the cluster.
I am able to connect to the cluster and provide a query with a match condition in the body.
But I am stuck on providing a filter for errors from the logs and getting the last 1h of data.
from elasticsearch import Elasticsearch

# A full URL works with both the 7.x and 8.x clients (the separate port= keyword was removed in 8.x).
es = Elasticsearch("http://your_elasticsearch_host:9200")
index_pattern = "your_index_pattern*"

query = {
    "query": {
        "bool": {
            "must": [
                {
                    "range": {
                        "@timestamp": {
                            "gte": "now-1h"  # Logs from the last 1 hour
                        }
                    }
                },
                {
                    "terms": {
                        "status_code": [500, 404]  # Filter logs based on status code 500 or 404
                    }
                }
            ]
        }
    }
}

results = es.search(index=index_pattern, body=query)

# Response handling: print the source document of each matching hit.
for hit in results['hits']['hits']:
    print(hit['_source'])
This filters logs from the last 1 hour ("gte": "now-1h").
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html
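As an added example (not part of the answer above), the same "errors in the last hour" query with the time window and status codes as parameters, plus search_after paging so that a cluster with thousands of applications does not silently return only the default 10 hits. The client is any object with a `search(index=, body=)` method; `FakeClient` and `SAMPLE_ERRORS` are constructed stand-ins so the script runs offline, and the index pattern is a placeholder.

```python
def build_error_query(window="1h", status_codes=(500, 404), size=500):
    """Search body: @timestamp inside the window AND status_code in the given list."""
    return {
        "size": size,
        "query": {
            "bool": {
                # Filter context: log retrieval needs no relevance scoring, and filters are cacheable.
                "filter": [
                    {"range": {"@timestamp": {"gte": f"now-{window}", "lte": "now"}}},
                    {"terms": {"status_code": list(status_codes)}},
                ]
            }
        },
        # search_after needs a sort; add a unique field as a tiebreaker if many docs share a timestamp.
        "sort": [{"@timestamp": "asc"}],
    }


def iter_hits(client, index, body):
    """Yield every _source dict, following search_after until a page comes back short."""
    page = dict(body)
    while True:
        resp = client.search(index=index, body=page)
        hits = resp["hits"]["hits"]
        for hit in hits:
            yield hit["_source"]
        if len(hits) < page["size"]:
            return
        page = {**page, "search_after": hits[-1]["sort"]}


def collect_errors(client, index="your_index_pattern*", window="1h", size=2):
    return list(iter_hits(client, index, build_error_query(window=window, size=size)))


class FakeClient:
    """Constructed stand-in for Elasticsearch: serves pre-sorted docs in pages of body['size']."""
    def __init__(self, docs):
        self.docs = sorted(docs, key=lambda d: d["@timestamp"])

    def search(self, index, body):
        start = 0
        if "search_after" in body:
            last_ts = body["search_after"][0]
            start = sum(1 for d in self.docs if d["@timestamp"] <= last_ts)
        page = self.docs[start:start + body["size"]]
        return {"hits": {"hits": [{"_source": d, "sort": [d["@timestamp"]]} for d in page]}}


SAMPLE_ERRORS = [  # constructed sample log documents
    {"@timestamp": "2024-01-01T10:00:01Z", "app": "billing", "status_code": 500},
    {"@timestamp": "2024-01-01T10:00:02Z", "app": "auth", "status_code": 404},
    {"@timestamp": "2024-01-01T10:00:03Z", "app": "billing", "status_code": 500},
]

if __name__ == "__main__":
    for src in collect_errors(FakeClient(SAMPLE_ERRORS)):
        print(src)
```

Against a real cluster, pass an `Elasticsearch(...)` instance as `client` and a larger `size`; the paging logic is unchanged.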