NAME

es-search.pl - Provides a CLI for quick searches of data in ElasticSearch daily indexes

VERSION

version 2.1

SYNOPSIS

es-search.pl [search string]

Options:

--help              print help
--manual            print full manual
--show              Comma separated list of fields to display, default is ALL, switches to tab output
--exists            Field which must be present in the document
--missing           Field which must not be present in the document
--index             Search only this index by name!
--size              Result size, default is 20
--asc               Sort by ascending timestamp
--desc              Sort by descending timestamp (Default)
--fields            Display the field list for this index!

From CLI::Helpers:

--color             Boolean, enable/disable color, default use git settings
--verbose           Incremental, increase verbosity
--debug             Show developer output
--quiet             Show no output (for cron)

DESCRIPTION

This tool takes a search string parameter to search the cluster. It is in the format of the Lucene query string

Examples might include:

# Search for past 10 days vhost admin.example.com and client IP 1.2.3.4
es-search.pl --days=10 --size=100 dst:"admin.example.com" AND src_ip:"1.2.3.4"

# Search for all apache logs past 5 days with status 500
es-search.pl program:"apache" AND crit:500

# Search for all apache logs past 5 days with status 500 show only file and out_bytes
es-search.pl program:"apache" AND crit:500 --show file,out_bytes

# Search for ip subnet client IP 1.2.3.0 to 1.2.3.255 or 1.2.0.0 to 1.2.255.255
es-search.pl --size=100 dst:"admin.example.com" AND src_ip:"1.2.3.*"
es-search.pl --size=100 dst:"admin.example.com" AND src_ip:"1.2.*"

Helpful in building queries is the --fields options which lists the fields:

es-search.pl --fields

NAME

es-search.pl - Search a logging cluster for information

OPTIONS

help

Print this message and exit

manual

Print detailed help with examples

show

Comma separated list of fields to display in the dump of the data

--show src_ip,crit,file,out_bytes

exists

Filter results to those containing a valid, not null field

--exists referer

Only show records with a referer field in the document.

missing

Filter results to those not containing a valid, not null field

--missing referer

Only show records without a referer field in the document.

fields

Display a list of searchable fields

index

Search only this index for data, may also be a comma separated list

days

The number of days back to search, the default is 5

base

Index base name, will be expanded using the days back parameter. The default is 'logstash' which will expand to 'logstash-YYYY.MM.DD'

size

The number of results to show, default is 20.

AUTHOR

Brad Lhotsky <brad@divisionbyzero.net>

COPYRIGHT AND LICENSE

This is free software, licensed under:

The (three-clause) BSD License

To install App::ElasticSearch::Utilities, copy and paste the appropriate command in to your terminal.

cpanm

cpanm App::ElasticSearch::Utilities

CPAN shell

perl -MCPAN -e shell
install App::ElasticSearch::Utilities

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

VERSION

SYNOPSIS

DESCRIPTION

NAME

OPTIONS

AUTHOR

COPYRIGHT AND LICENSE

Module Install Instructions