#
EDQL Script Usage
EDQL script is used for creating a standlone script file, for connect Elasticseach and run query, it's context base, so we can use function variable to do some complex queries.
EDQL is based on Intellij, for different use cases there are two places to save new edql script:
- store on EDQL dock manager
- store on current project directory
#
New EDQL by Dock Manager
EDQL manager dashboard is used to manage the EDQL files, it will share cross projects, so we can use this place to store the EDQL files that will be used anywhere.
it will auto fill the HOST, Timeout and Authorization with a simple EDQL Action, the EDQL file will be stored in the Manager like the Scratches files.
#
New EDQL by New file
it will automatically load the EDQL file template, include: HOST, Timeout , Authorization and with a simple EDQL Query Action. this file will be stored on the current directory
#
Configurations
#
HOST
HOST is target to Elasticsearch/Opensearch cluster master host endpoint or gateway
HOST http://127.0.0.1:9200
#
KIBANA_HOST
In some cases we can't directly connect to Elasticsearch Cluster host, only Kibana is exposed to use, in this case we can configure the KIBANA_HOST to proxy query from Elasticsearch
KIBANA_HOST http://localhost:5601/
#
Timeout
Timeout is used to configure every action request timeout, like query, write and delete etc
Caution: this only limit the request timeout, not this action execute time.
Timeout 3000
#
Authorization
If Elasticsearch/Opensearch cluster has configured Authorization, we need to configure the Authorization to connect Elasticsearch Cluster
basic authorization, elastic cloud authorization, AWS credentials
#
Authorization header
HOST http://127.0.0.1:9200
Authorization "Bear xxx"
#
Basic Username and Password
HOST http://127.0.0.1:9200
Username "u"
Password "p"
#
ApiKey Credential
HOST http://127.0.0.1:9200
ApiKeyId "a"
ApiKeySecret "c"
#
AWS Credential
aws has another configuration of aws region
HOST http://127.0.0.1:9200
AWSRegion "us-east"
ApiKeyId "c"
ApiKeySecret "c"
ApiSessionToken "c"
#
Query Action
Elasticsearch query action includes 4 parts:
- Query Methods: GET, POST, DELETE and PUT
- Query Index: the index name for query
- Query Type: search, mapping
- Query Body: the JSON body for query conditions
POST my-index/_search
#OR
GET my-index/_mapping
#OR
GET _cluster/stats
#
Query DSL Body
Query DSL body is the same as the official Query DSL block: QueryDSL, it's a JSON format with the query configurations. since EDQL is based on Intellij, it supports autocomplete, format and live templates, example: qbm, range, wildcard etc.
POST my-index/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"title.keyword": "DGS10"
}
}
]
}
}
}