You can run these sample queries from Analytics Dashboard > Dev Tools.
To get the Elasticsearch version and other details, use GET /.
To retrieve data from Elasticsearch by event ID, query the eventID field. For example, to find Identity Server login events, the query looks like the following:
GET _index_name/_search
{
  "query": {
    "match": { "eventID": "002E000A" }
  }
}
To retrieve data based on time, for example events added in the last 15 minutes, use a range query on the createDate field:
GET _index_name/_search
{
  "query": {
    "range": {
      "createDate": { "gte": "now-15m", "lt": "now" }
    }
  }
}
To retrieve all Analytics Dashboard events except a given event ID, negate the match inside a bool query with must_not:
GET _index_name/_search
{
  "query": {
    "bool": {
      "must_not": { "match": { "eventID": "002E000A" } }
    }
  }
}
To retrieve the Identity Server login events added in the last 15 minutes, combine both conditions as must clauses so that each one has to hold:
GET _index_name/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "eventID": "002E000A" } },
        { "range": { "createDate": { "gte": "now-15m", "lt": "now" } } }
      ]
    }
  }
}
To retrieve events matching any one of several event IDs, list them as should clauses. Because this bool query contains no must or filter clause, at least one should clause has to match:
GET _index_name/_search
{
  "query": {
    "bool": {
      "should": [
        { "match": { "eventID": "002E000A" } },
        { "match": { "eventID": "002E000C" } }
      ]
    }
  }
}
NOTE: The _index_name can be realtime (7 days of data) or historic (6 months of data). A range query that looks back more than 7 days must therefore target historic.
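The queries above are the building blocks most people end up combining in a script. The following Python is an added example, not code from the Analytics Dashboard product or its documentation: it composes the same match, must_not, should and range clauses into one bool query and picks the realtime or historic index from the lookback window. It assumes only what the page states (index names realtime and historic, fields eventID and createDate, the 7-day realtime retention); the bool semantics it relies on, in particular that should clauses stop being mandatory once a must or filter clause is present unless minimum_should_match is set, are standard Elasticsearch behaviour and the one caveat the page's examples do not show. Building the body as a dict and serialising it with json.dumps also means an event ID taken from user input cannot alter the query structure, which string concatenation would allow.

```python
"""Compose Analytics Dashboard (Elasticsearch) search bodies from the page's building blocks."""
import json

# Index names and retention as stated on the page.
REALTIME_INDEX = "realtime"            # 7 days of data
HISTORIC_INDEX = "historic"            # 6 months of data
MINUTES_PER_DAY = 24 * 60
REALTIME_RETENTION_MIN = 7 * MINUTES_PER_DAY

# Field names taken from the page's sample queries.
EVENT_ID_FIELD = "eventID"
TIME_FIELD = "createDate"


def choose_index(lookback_minutes):
    """Pick the index whose retention covers the whole lookback window."""
    return REALTIME_INDEX if lookback_minutes <= REALTIME_RETENTION_MIN else HISTORIC_INDEX


def date_math(lookback_minutes):
    """Render a lookback in minutes as Elasticsearch date math relative to now (e.g. now-15m)."""
    if not isinstance(lookback_minutes, int) or lookback_minutes <= 0:
        raise ValueError("lookback must be a positive number of minutes")
    if lookback_minutes % MINUTES_PER_DAY == 0:
        return f"now-{lookback_minutes // MINUTES_PER_DAY}d"
    if lookback_minutes % 60 == 0:
        return f"now-{lookback_minutes // 60}h"
    return f"now-{lookback_minutes}m"


def range_clause(lookback_minutes, field=TIME_FIELD):
    """Events whose createDate falls in [now - lookback, now), exactly as on the page."""
    return {"range": {field: {"gte": date_math(lookback_minutes), "lt": "now"}}}


def match_clause(event_id, field=EVENT_ID_FIELD):
    """One eventID match clause. The value becomes a JSON string when the body is
    serialised, so an ID such as '"}}' cannot break out of the query structure."""
    if not isinstance(event_id, str) or not event_id:
        raise ValueError("event ID must be a non-empty string")
    return {"match": {field: event_id}}


def build_query(include_ids=(), exclude_ids=(), lookback_minutes=None):
    """Combine the page's clauses into a single bool query.

    include_ids      -> should (any one of them has to match)
    exclude_ids      -> must_not
    lookback_minutes -> filter on createDate (restricts results, does not affect scoring)
    """
    clauses = {}
    if include_ids:
        clauses["should"] = [match_clause(i) for i in include_ids]
        # A should clause is only mandatory while the bool has no must/filter clause.
        # Once the time filter is added, spell the requirement out, otherwise the
        # eventID restriction silently becomes optional and every event in the
        # window comes back.
        clauses["minimum_should_match"] = 1
    if exclude_ids:
        clauses["must_not"] = [match_clause(i) for i in exclude_ids]
    if lookback_minutes is not None:
        clauses["filter"] = [range_clause(lookback_minutes)]
    if not clauses:
        return {"query": {"match_all": {}}}
    return {"query": {"bool": clauses}}


def dev_tools_command(body, index=None, lookback_minutes=None):
    """Render the request the way Dev Tools accepts it: a GET line followed by the JSON body."""
    if index is None:
        index = choose_index(lookback_minutes) if lookback_minutes is not None else REALTIME_INDEX
    return f"GET {index}/_search\n" + json.dumps(body, indent=2)


if __name__ == "__main__":
    window = 30 * MINUTES_PER_DAY  # longer than realtime retention, so historic is chosen
    body = build_query(include_ids=["002E000A", "002E000C"], lookback_minutes=window)
    print(dev_tools_command(body, lookback_minutes=window))
```

Paste the printed GET line and body into Dev Tools as-is. If you port this to a script that talks to Elasticsearch over HTTP instead, send the body with POST to the same /_search path, since many HTTP clients drop the body of a GET request.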