📍

0. Start Here

🏡 Home 👉 Next

Chapter Structure

Each chapter is dedicated to a separate topic and was put together such that it can be read on its own. At the same time, the chapters often reference one another, esp. in contexts where backlinks are educative.
Each subchapter starts with a brief summary of what falls into the given category, followed by a description of the challenges that people usually face. Next, the I present one or two real-world use cases and an approach I'd take to solve them. Tips 💡, key pieces of information 🔑, and caveats ⚠️ are scattered throughout the text.
 

Kibana

Since Elasticsearch is essentially a JSON-in/JSON-out server, all communication with it is performed through HTTP(S) — a cURL request at the very least. Using cURL is perfectly fine for those of us who live in the terminal but the rest of us either use Postman/Insomnia or Kibana.

Using the Kibana Console

Most code snippets in this handbook are ready to be copy-pasted into the Kibana Dev Tools Console:
Older version of Kibana
Older version of Kibana
Newer version of Kibana
Newer version of Kibana
After pasting, the queries can be run using cmd/ctrl + enter and prettified / compacted using cmd/ctrl + i.
The 🔧 icon can:
  1. take you to the official documentation based on the currently entered endpoint
  1. but also convert the Kibana DSL (domain-specific language) statements into a raw cURL request.
 
Working with Kibana in combination with the Chrome Dev Tools is a great time-saver.
 

Triple Quotes in JSON?

In this book and elsewhere you'll encounter triple quotes inside JSON queries, esp. in multi-line scripts such as:
GET index_name/_search
{
  "query": {
    "script": {
      "source": """
        // some
        // multiline
        // code
      """
    }
  }
}
The above is invalid JSON so you cannot use it as the actual request body. But triple quotes are a convention that helps increase code readability and supports multi-line strings, esp. when devising/testing out scripts. They work in Kibana because they get escaped right before the corresponding REST call is performed — you can verify that by inspecting the body of the XHR calls made to the /api/console/proxy endpoint in the network tab of your browser's dev tools.
So you've got two options if we want to use the multi-line JSON in any environment outside of Kibana (be it in Postman, cURL, etc.):
  1. either rewrite the contents of these multi-line strings manually
  1. or simply press cmd/ctrl + i. The resulting compact query would then look like:
{"query":{"script":{"source":"// some\n // multiline\n // code\n return true"}}}

Already purchased? Sign in here.