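def main():
    """Interactively look up a dashboard and print a partial config file.

    Prompts for the Elasticsearch host and port, the dashboard name and the
    HTTP method used for queries (defaults to ``GET``), fetches the document
    with that id from the ``kibana-int`` index and prints the ``name``,
    ``es_host`` and ``es_port`` keys followed by the YAML-serialised filters
    that ``filters_from_dashboard`` extracts from it.

    Exits with status 1 when no dashboard with that name is found.
    """
    import sys

    es_host = raw_input("Elasticsearch host: ")
    es_port = raw_input("Elasticsearch port: ")
    db_name = raw_input("Dashboard name: ")
    send_get_body_as = raw_input(
        "Method for querying Elasticsearch[GET]: ") or 'GET'
    # NOTE(review): only host/port are given here; whether the connection
    # is encrypted or authenticated depends on the client's defaults --
    # confirm before pointing this at anything outside a trusted network.
    es = Elasticsearch(host=es_host,
                       port=es_port,
                       send_get_body_as=send_get_body_as)
    # The user-supplied name is placed into a structured term query rather
    # than interpolated into query syntax, so it cannot alter the query.
    query = {'query': {'term': {'_id': db_name}}}
    res = es.search(index='kibana-int',
                    doc_type='dashboard',
                    body=query,
                    _source_include=['dashboard'])
    if not res['hits']['hits']:
        print("No dashboard %s found" % (db_name))
        # sys.exit(1) instead of the site-provided exit(): it is always
        # available and reports failure through the exit status.
        sys.exit(1)

    # The dashboard body is stored as a JSON string inside the document;
    # json.loads is a plain data parser, so decoding it is safe.
    db = json.loads(res['hits']['hits'][0]['_source']['dashboard'])
    config_filters = filters_from_dashboard(db)

    print("\nPartial Config file")
    print("-----------\n")
    print("name: %s" % (db_name))
    print("es_host: %s" % (es_host))
    print("es_port: %s" % (es_port))
    print("filter:")
    print(yaml.safe_dump(config_filters))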
def test_filters_from_dashboard():
    """Both filters defined by ``test_dashboard`` must be extracted.

    Checks that the ``_log_type`` term filter and the query-string filter
    are present in the list returned by ``filters_from_dashboard``.
    """
    expected_filters = [
        {'term': {'_log_type': '"active_directory"'}},
        {'query': {'query_string': {'query': 'ad.security_auditing_code:4740'}}},
    ]
    extracted = filters_from_dashboard(test_dashboard)
    for expected in expected_filters:
        assert expected in extracted
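def main():
    """Interactively look up a dashboard and print a partial config file.

    Prompts for the Elasticsearch host and port, the dashboard name and the
    HTTP method used for queries (defaults to ``GET``), builds a client via
    ``elasticsearch_client``, fetches the document with that id from the
    ``kibana-int`` index and prints the ``name``, ``es_host`` and ``es_port``
    keys followed by the YAML-serialised filters that
    ``filters_from_dashboard`` extracts from it.

    Exits with status 1 when no dashboard with that name is found.
    """
    import sys

    es_host = input("Elasticsearch host: ")
    es_port = input("Elasticsearch port: ")
    db_name = input("Dashboard name: ")
    send_get_body_as = input(
        "Method for querying Elasticsearch[GET]: ") or 'GET'

    # NOTE(review): no TLS or credential settings are passed here; whether
    # the connection is encrypted or authenticated depends on what
    # elasticsearch_client does with these keys -- confirm before use
    # outside a trusted network.
    es = elasticsearch_client({
        'es_host': es_host,
        'es_port': es_port,
        'send_get_body_as': send_get_body_as
    })

    print("Elastic Version:" + es.es_version)

    # The user-supplied name is placed into a structured term query rather
    # than interpolated into query syntax, so it cannot alter the query.
    query = {'query': {'term': {'_id': db_name}}}

    # The source-filtering keyword is spelled differently depending on the
    # version reported by is_atleastsixsix(); the call is otherwise identical.
    if es.is_atleastsixsix():
        # TODO check support for kibana 7
        # TODO use doc_type='_doc' instead
        res = es.deprecated_search(index='kibana-int',
                                   doc_type='dashboard',
                                   body=query,
                                   _source_includes=['dashboard'])
    else:
        res = es.deprecated_search(index='kibana-int',
                                   doc_type='dashboard',
                                   body=query,
                                   _source_include=['dashboard'])

    if not res['hits']['hits']:
        print("No dashboard %s found" % (db_name))
        # sys.exit(1) instead of the site-provided exit(): it is always
        # available and reports failure through the exit status.
        sys.exit(1)

    # The dashboard body is stored as a JSON string inside the document;
    # json.loads is a plain data parser, so decoding it is safe.
    db = json.loads(res['hits']['hits'][0]['_source']['dashboard'])
    config_filters = filters_from_dashboard(db)

    print("\nPartial Config file")
    print("-----------\n")
    print("name: %s" % (db_name))
    print("es_host: %s" % (es_host))
    print("es_port: %s" % (es_port))
    print("filter:")
    print(yaml.safe_dump(config_filters))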
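def main():
    """Interactively look up a dashboard and print a partial config file.

    Prompts for the Elasticsearch host and port and the dashboard name,
    fetches the document with that id from the ``kibana-int`` index and
    prints the ``name``, ``es_host`` and ``es_port`` keys followed by the
    YAML-serialised filters that ``filters_from_dashboard`` extracts from it.

    Exits with status 1 when no dashboard with that name is found.
    """
    import sys

    es_host = raw_input("Elasticsearch host: ")
    es_port = raw_input("Elasticsearch port: ")
    db_name = raw_input("Dashboard name: ")
    # NOTE(review): only host/port are given here; whether the connection
    # is encrypted or authenticated depends on the client's defaults --
    # confirm before pointing this at anything outside a trusted network.
    es = Elasticsearch(host=es_host, port=es_port)
    # The user-supplied name is placed into a structured term query rather
    # than interpolated into query syntax, so it cannot alter the query.
    query = {'query': {'term': {'_id': db_name}}}
    res = es.search(index='kibana-int',
                    doc_type='dashboard',
                    body=query,
                    _source_include=['dashboard'])
    if not res['hits']['hits']:
        print("No dashboard %s found" % (db_name))
        # sys.exit(1) instead of the site-provided exit(): it is always
        # available and reports failure through the exit status.
        sys.exit(1)

    # The dashboard body is stored as a JSON string inside the document;
    # json.loads is a plain data parser, so decoding it is safe.
    db = json.loads(res['hits']['hits'][0]['_source']['dashboard'])
    config_filters = filters_from_dashboard(db)

    print("\nPartial Config file")
    print("-----------\n")
    print("name: %s" % (db_name))
    print("es_host: %s" % (es_host))
    print("es_port: %s" % (es_port))
    print("filter:")
    print(yaml.safe_dump(config_filters))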
def test_filters_from_dashboard():
    """``filters_from_dashboard`` must return both filters from ``test_dashboard``.

    The term filter on ``_log_type`` and the query-string filter are each
    expected to appear in the extracted list.
    """
    extracted = filters_from_dashboard(test_dashboard)
    term_filter = {'term': {'_log_type': '"active_directory"'}}
    query_filter = {
        'query': {'query_string': {'query': 'ad.security_auditing_code:4740'}}
    }
    assert term_filter in extracted
    assert query_filter in extracted