
Search Commands

Refer to https://www.elastic.co/guide/en/elasticsearch/guide/current/_talking_to_elasticsearch.html

You can use the "curl" command to query Elasticsearch:

curl -XGET 'http://uxlpdipacd00001:5151/audit-default-2020*/_search?pretty&size=1000&q=Object\%20Name:00386109914%20or%20Object\%20Name:00386109914' -u admin:changeit

You can redirect the output into a file with the ">" operator:

curl -XGET 'http://uxlpdipacd00001:5151/audit-default-2020*/_search?pretty&size=1000&q=Object\%20Name:00386109914%20or%20Object\%20Name:00386109914' -u admin:changeit > test.out
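
The query URL above can also be assembled by a small helper that escapes the field name and value for the Lucene query string and percent-encodes the result, so a value taken from user input cannot change the query. This is an added example, not part of the original page; the function names and the netrc file path are assumptions, and the input is assumed to be ASCII.

```shell
#!/bin/sh
# Added example: build the audit search URL used on this page from a field
# name and a value, instead of hand-escaping it. Function names are made up.

# Backslash-escape whitespace and Lucene query-string special characters so
# the text is matched literally (e.g. "Object Name" -> "Object\ Name").
lucene_escape() {
    printf '%s' "$1" | sed 's,[][ +=&|><!(){}^"~*?:\\/-],\\&,g'
}

# Percent-encode for a URL query; unreserved characters and ':' are kept.
# Assumes ASCII input. Runs in a subshell so its variables do not leak.
urlencode() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [a-zA-Z0-9._~:-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# build_search_url BASE_URL INDEX FIELD VALUE
build_search_url() {
    q="$(lucene_escape "$3"):$(lucene_escape "$4")"
    printf '%s/%s/_search?pretty&size=1000&q=%s' "$1" "$2" "$(urlencode "$q")"
}

# audit_search FIELD VALUE  (host and index pattern are the ones on this page)
# Credentials come from a netrc file (path is an assumption) rather than from
# "-u user:password", which is visible in the process list and shell history.
audit_search() {
    curl -sS --netrc-file "$HOME/.netrc-audit" \
        "$(build_search_url 'http://uxlpdipacd00001:5151' 'audit-default-2020*' "$1" "$2")"
}
```

The backslash appears as %5C in the generated URL, which the server decodes to the same query string as the hand-written form.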

Report Commands

Automatic installation of default report templates

To have the default report templates installed automatically, remove the "asreports" index in ES with the command

curl -XDELETE http://ES_HOST:9200/asreports

and restart AuditServer. The default templates will then be installed automatically.

Manual installation of report templates

Or you can install them manually with "curl" command:

curl -XPOST 'http://ES_HOST:9200/asreports/content' -d @DefaultUserReport.json

To add an individual report template with "curl":

curl -XPOST 'http://ES_HOST:9200/asreports/content' -d @ReportName.json

Export report templates

To export all report templates from ES you can also use a "curl" command:

curl 'http://YOUR_ES:9200/asreports/_search' > asreports.json

Or you can open the following URL in your browser:

http://YOUR_ES:9200/asreports/_search

Save the page as a file (this probably works better in Chrome or Firefox).

Mapping Template

If you extend your Elasticsearch with a new content type, you have to add a "mapping template". This is a JSON file that describes the content of your index. For example, to load the mapping template for the workflow index:


curl -XPUT http://localhost:9200/_template/workflow_template -d @es_workflow-template.json
curl -XPOST http://localhost:9200/_template/workflow_template -d @es_workflow-template.json