How to turn a curl into elasticsearch-py query format?

Question

如何编写elasticsearch-py查询以查询以下相同数据？

--data-binary '{"query": {"filtered": {"query": {"bool": {"should":[ {"query_string": {"query":"request.action.raw:\"aaa\" AND (loglevel:INFO)"}}, {"query_string": {"query":"request.action.raw:\"bbb\" AND (loglevel:INFO)"}}, {"query_string": {"query":"request.action.raw:\"ccc\" AND (loglevel:INFO)"}}, } }, "filter": {"bool": {"must":[ {"range": {"@timestamp": {"from":111,"to":222}}}, {"fquery": {"query": {"query_string": {"query":"file:(\"ddd")"}}, "_cache":true}}]}}}}}

Answer 1

If your query is working in curl, the following works with the same query.

from elasticsearch import Elasticsearch
ELASTICSEARCH_ENDPOINT = "url_to_your_elasticsearch_node"
es = Elasticsearch([ELASTICSEARCH_ENDPOINT])


request= '{"query": {"filtered": {"query": {"bool": {"should":[ {"query_string": {"query":"request.action.raw:\"aaa\" AND (loglevel:INFO)"}}, {"query_string": {"query":"request.action.raw:\"bbb\" AND (loglevel:INFO)"}}, {"query_string": {"query":"request.action.raw:\"ccc\" AND (loglevel:INFO)"}}, } }, "filter": {"bool": {"must":[ {"range": {"@timestamp": {"from":111,"to":222}}}, {"fquery": {"query": {"query_string": {"query":"file:(\"ddd")"}}, "_cache":true}}]}}}}}' 
results = es.search(index="index_name", doc_type="doctype_name", body=request)

Notice that, besides the request, you need to configure the following parameters in the script:

• ELASTICSEARCH_ENDPOINT : URL of your elasticsearch node or cluster
• index_name : the index name.
• doc_type : the doctype name.