Elasticsearch Data Stream Parameters

The Elasticsearch plugin provides configurable data streams to query data from the Elasticsearch API.

Each configurable data stream exposes a set of parameters that lets you filter the data you retrieve. The following information describes the available configurable data streams and their parameters in detail.

Lucene Query

Parameter: Lucene query
Description: Enter a valid Lucene query string to search your data. This field supports Lucene’s query syntax, allowing you to specify terms, logical operators, ranges, and wildcards. It’s useful for quick text-based searches and lightweight filtering, but does not support the full JSON Query DSL. For example:

managedEntityDisplayName:"Microsoft Windows Server 2016 Datacenter"

Query DSL

Parameter: Query body
Description: Enter a valid Elasticsearch Query DSL (Domain Specific Language) statement in JSON format. This defines how Elasticsearch should search, filter, and return data from an index. The query can include conditions, aggregations, sorting, and full-text search expressions. For example:

{
    "query": {
        "query_string": {
            "query": "managedEntityDisplayName:\"Microsoft Windows Server 2016 Datacenter\""
        }
    }
}

Parameter: Query parameters
Description: Optionally, specify a set of JSON parameters for your Query body. For example:

{
    "q": "managedEntityDisplayName:\"Microsoft Windows Server 2016 Datacenter\""
}
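As an added example that is not part of this documentation or the plugin's own code, the following Python builds the three forms shown above (Lucene query string, Query body, and Query parameters) from a field name and a literal value. It backslash-escapes the characters Elasticsearch documents as reserved in query_string syntax, so a value that happens to contain quotes or operators is matched as text rather than interpreted as query syntax; the helper names and the sample values are my own.

```python
import json

# Characters Elasticsearch lists as reserved in query_string syntax. "<" and ">"
# cannot be escaped, so they are removed instead of backslash-escaped.
ESCAPABLE = set('+-=&|!(){}[]^"~*?:\\/')
UNESCAPABLE = set("<>")

def escape_lucene(value: str) -> str:
    """Turn a literal value into text the query parser will not treat as syntax."""
    out = []
    for ch in value:
        if ch in UNESCAPABLE:
            continue
        out.append("\\" + ch if ch in ESCAPABLE else ch)
    return "".join(out)

def lucene_query(field: str, value: str) -> str:
    """Lucene query string form, i.e. field:"value" as in the page's example."""
    return f'{field}:"{escape_lucene(value)}"'

def query_dsl_body(field: str, value: str) -> str:
    """Query body form: the same query_string query wrapped in a JSON document."""
    body = {"query": {"query_string": {"query": lucene_query(field, value)}}}
    return json.dumps(body, indent=4)

def query_parameters(field: str, value: str) -> str:
    """Query parameters form: the "q" shorthand shown beside the Query body."""
    return json.dumps({"q": lucene_query(field, value)}, indent=4)

def validate_query_body(text: str) -> dict:
    """Check that a Query body field holds a JSON object with a top-level "query"."""
    body = json.loads(text)
    if not isinstance(body, dict) or "query" not in body:
        raise ValueError('Query body must be a JSON object with a "query" key')
    return body

if __name__ == "__main__":
    value = "Microsoft Windows Server 2016 Datacenter"  # constructed sample value
    print(lucene_query("managedEntityDisplayName", value))
    print(query_dsl_body("managedEntityDisplayName", value))
    # A value carrying quote and operator characters stays inside the quoted phrase.
    print(lucene_query("managedEntityDisplayName", 'x" OR managedEntityDisplayName:*'))
```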
