You can run these sample queries using Analytics Dashboard > Dev Tools.
To get the Elasticsearch version and other details, use GET /.
You can retrieve data from Elasticsearch using an event ID. For example, if you want an Identity Server login event, the sample query looks similar to the following:

    GET _index_name/_search
    {
      "query": {
        "match": {
          "eventID": "002E000A"
        }
      }
    }

To retrieve data from Elasticsearch based on time, such as events added in the last 15 minutes, use the query below:

    GET _index_name/_search
    {
      "query": {
        "range": {
          "createDate": {
            "gte": "now-15m",
            "lt": "now"
          }
        }
      }
    }

To retrieve all Analytics Dashboard events except the given Event ID, use the query below:

    GET _index_name/_search
    {
      "query": {
        "bool": {
          "must_not": {
            "match": {
              "eventID": "002E000A"
            }
          }
        }
      }
    }

To retrieve Identity Server login events added in the last 15 minutes, use the query below:

    GET _index_name/_search
    {
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "eventID": "002E000A"
              }
            },
            {
              "range": {
                "createDate": {
                  "gte": "now-15m",
                  "lt": "now"
                }
              }
            }
          ]
        }
      }
    }

To retrieve events matching any one of the Event IDs in the list, use the query below:

    GET _index_name/_search
    {
      "query": {
        "bool": {
          "should": [
            { "match": { "eventID": "002E000A" } },
            { "match": { "eventID": "002E000C" } }
          ]
        }
      }
    }

NOTE: The _index_name can be realtime (7 days of data) or historic (6 months of data).
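The five query shapes above (single match, time range, must_not exclusion, must with a range, and a should list) are all instances of one bool-query pattern. The following Python module is an added example, not code from the product documentation: it builds each shape from a few parameters and evaluates the resulting body offline against constructed sample events, so the semantics of must, must_not and should can be checked without a cluster. It assumes the index names realtime and historic from the NOTE, the field names eventID and createDate, and the constructed event ID 002E0010 for a non-login event; the match clause is simplified to exact equality.

```python
"""Build the query shapes shown above and evaluate them offline against sample events.
Added example; assumes index names from the NOTE and the fields eventID / createDate."""
import json
from datetime import datetime, timedelta, timezone

VALID_INDEXES = ("realtime", "historic")  # assumed from the NOTE above


def build_query(index, event_ids=(), exclude_ids=(), since=None):
    """Return (request_path, body) for a GET <index>/_search request.

    event_ids   -> one ID gives a plain match; several give bool.should (any one of them)
    exclude_ids -> bool.must_not
    since       -> lower bound on createDate as date math, e.g. "now-15m" (upper bound "now")
    """
    if index not in VALID_INDEXES:
        raise ValueError(f"unknown index {index!r}; expected one of {VALID_INDEXES}")
    must, should = [], []
    if len(event_ids) == 1:
        must.append({"match": {"eventID": event_ids[0]}})
    elif event_ids:
        should = [{"match": {"eventID": e}} for e in event_ids]
    if since is not None:
        must.append({"range": {"createDate": {"gte": since, "lt": "now"}}})
    must_not = [{"match": {"eventID": e}} for e in exclude_ids]
    if len(must) == 1 and not should and not must_not:
        return f"{index}/_search", {"query": must[0]}  # single-clause form, as in the first two queries
    bool_q = {}
    if must:
        bool_q["must"] = must
    if should:
        bool_q["should"] = should
        # Next to a must clause, should only influences scoring unless a minimum is set;
        # minimum_should_match keeps the "any one of the list" meaning.
        bool_q["minimum_should_match"] = 1
    if must_not:
        bool_q["must_not"] = must_not
    return f"{index}/_search", {"query": {"bool": bool_q}}


def resolve_date_math(expr, now):
    """Resolve the date-math subset used on the page: "now" and "now-<N>m"."""
    if expr == "now":
        return now
    if expr.startswith("now-") and expr.endswith("m") and expr[4:-1].isdigit():
        return now - timedelta(minutes=int(expr[4:-1]))
    raise ValueError(f"unsupported date math: {expr!r}")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def clause_matches(clause, doc, now):
    """Evaluate one match / range / bool clause against a single event dict
    (match is treated as exact equality, adequate for eventID values)."""
    if "match" in clause:
        field, value = next(iter(clause["match"].items()))
        return doc.get(field) == value
    if "range" in clause:
        field, bounds = next(iter(clause["range"].items()))
        ts = doc[field]
        if "gte" in bounds and ts < resolve_date_math(bounds["gte"], now):
            return False
        if "lt" in bounds and ts >= resolve_date_math(bounds["lt"], now):
            return False
        return True
    if "bool" in clause:
        b = clause["bool"]
        must = _as_list(b.get("must", []))
        must_not = _as_list(b.get("must_not", []))
        should = _as_list(b.get("should", []))
        if not all(clause_matches(c, doc, now) for c in must):
            return False
        if any(clause_matches(c, doc, now) for c in must_not):
            return False
        # Elasticsearch default: a should list is required only when there is no must clause.
        needed = b.get("minimum_should_match", 1 if should and not must else 0)
        return sum(clause_matches(c, doc, now) for c in should) >= needed
    raise ValueError(f"unsupported clause: {list(clause)}")


def search(body, docs, now):
    """Return the ids of the sample events that the query body would match."""
    return [d["id"] for d in docs if clause_matches(body["query"], d, now)]


NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_EVENTS = [  # constructed sample events; 002E0010 is a made-up non-login ID
    {"id": "e1", "eventID": "002E000A", "createDate": NOW - timedelta(minutes=5)},
    {"id": "e2", "eventID": "002E000A", "createDate": NOW - timedelta(hours=2)},
    {"id": "e3", "eventID": "002E000C", "createDate": NOW - timedelta(minutes=1)},
    {"id": "e4", "eventID": "002E0010", "createDate": NOW - timedelta(minutes=10)},
]

if __name__ == "__main__":
    path, body = build_query("realtime", event_ids=("002E000A",), since="now-15m")
    print("GET", path)
    print(json.dumps(body, indent=2))
    print("matching sample events:", search(body, SAMPLE_EVENTS, NOW))
```

Running the module prints the fourth query from the page (login events in the last 15 minutes) and reports that only e1 matches the constructed events. The builder adds minimum_should_match when a should list is combined with a must clause; without it, Elasticsearch treats the should clauses as optional once a must clause is present, and the combined "any of these IDs in the last 15 minutes" query would silently return every event in the window.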