Short post. Sharing how to run an ELK query from Python, including a timestamp range:
```python
from elasticsearch import Elasticsearch
from pandas import json_normalize  # pandas >= 1.0; older versions: from pandas.io.json import json_normalize

# [elk_host] / elk_port: fill in your cluster's address
es = Elasticsearch([{'host': '[elk_host]', 'port': elk_port}])

query_body_mem = {
    "query": {
        "bool": {
            "must": [
                {
                    # No operator between the first two terms: with query_string's default OR,
                    # "metricset.module:system" is optional and the AND-joined clauses are what
                    # actually restrict the hits.
                    "query_string": {
                        "query": "metricset.module:system metricset.name:memory AND tags:test AND host.name:[hostname]"
                    }
                },
                {
                    # Only documents from the last two days
                    "range": {
                        "@timestamp": {
                            "gte": "now-2d",
                            "lt": "now"
                        }
                    }
                }
            ]
        }
    }
}

# Up to 500 hits from all metricbeat indices
res_mem = es.search(index="metricbeat-*", body=query_body_mem, size=500)
# Flatten the nested hit documents into a DataFrame with dotted column names
df_mem = json_normalize(res_mem['hits']['hits'])
```
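As an added example (not code from the original post), the same query rebuilt so that the host name and tag go into `term` filters instead of being interpolated into the `query_string`; that way a value containing Lucene operators is matched literally rather than rewriting the query. It also flattens the hits without pandas. The `fetch_memory_metrics` helper and the sample response are constructed for illustration.

```python
from typing import Any, Dict, List


def build_memory_query(hostname: str, tag: str = "test", lookback: str = "2d") -> Dict[str, Any]:
    """Memory metricset for one host over the last `lookback`.

    Caller-supplied values sit in term/range filters, so a hostname such as
    'x OR *' is compared as a literal keyword instead of being parsed as
    query syntax (which query_string would do).
    """
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"metricset.module": "system"}},
                    {"term": {"metricset.name": "memory"}},
                    {"term": {"tags": tag}},
                    {"term": {"host.name": hostname}},
                    {"range": {"@timestamp": {"gte": f"now-{lookback}", "lt": "now"}}},
                ]
            }
        }
    }


def flatten(doc: Dict[str, Any], prefix: str = "") -> Dict[str, Any]:
    """Flatten nested dicts into dotted keys, the way json_normalize does."""
    out: Dict[str, Any] = {}
    for key, value in doc.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, name + "."))
        else:
            out[name] = value
    return out


def hits_to_records(res: Dict[str, Any]) -> List[Dict[str, Any]]:
    return [flatten(hit["_source"]) for hit in res["hits"]["hits"]]


def fetch_memory_metrics(es, hostname: str, size: int = 500) -> List[Dict[str, Any]]:
    # es is an elasticsearch.Elasticsearch client (assumed; not created here)
    res = es.search(index="metricbeat-*", body=build_memory_query(hostname), size=size)
    return hits_to_records(res)


# Constructed sample response, shaped like an Elasticsearch search reply.
SAMPLE_RESPONSE = {"hits": {"hits": [{"_source": {
    "@timestamp": "2024-01-01T00:00:00Z", "host": {"name": "web-1"},
    "system": {"memory": {"used": {"pct": 0.42}}}}}]}}
```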
And that’s all!
Cheers