Get a REST/cURL representation of Kibana 5.6 search result

Question

I've just made a Kibana query using its web interface. The query has a WHERE-like part (source:*blah2.log), and a SELECT-like part (showing only 3 fields of each match).

Naturally, Kibana fetches these items by making a REST request to ElasticSearch, which I would like to use programmatically.

How to I get the Kibana search query as in cURL / other HTTP format?

PS - I actually asked this two years ago (Representing a Kibana query in a REST, curl form), but the interface has changed and the new Kibana lacks the good old caret that opened the menu featuring that option.

Answer 1

There is a little arrow between the overview graph on the top and the table containing the results of your query. When you click this arrow the graph representation changes to some kind of debug view where you can either inspect the results or also see both, the request and response of the elasticsearch query.

So, if you want to get the request used for your specific query, just use the according view. But keep in mind that this request contains a bit more than you usually need, because it adds

1. a time range which is selected implicitly in kibana
2. some highlighting rules that you probably don't need
3. an aggregation which is used for displaying the overview chart

Under the query key you find what you want (combined with the time range). If you want to restrict the keys that are returned (and thus not want the full documents), you can use the so called source filtering as described in the elasticsearch docs. In Kibana this filtering is done on the client side which is why you don't see any excludes in the request from kibana.

Answer 2

Under the chart on the left there is a little arrow:

Now click on it it will display a little dropdown list.

Choose request and you can see the exact request that is send to ES. You can see as well the response and other stuff.