es_notebook_nbformat.py

#!/usr/bin/env python3

# Author: Roberto Rodriguez (@Cyb3rWard0g)
# License: GPL-3.0

import nbformat as nbf

# Initializing Notebooks Cells
nb = nbf.v4.new_notebook() 
nb['cells'] = []

# *** Title Markdown Cell***
nb['cells'].append(nbf.v4.new_markdown_cell("# Query Elasticsearch"))

# *** Import Libraries Markdown Cell ***
nb['cells'].append(nbf.v4.new_markdown_cell("## Import Libraries"))

# *** Import Libraries Code Cell ***
nb['cells'].append(nbf.v4.new_code_cell("""from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
import pandas as pd"""))

# *** Initialize Elasticsearch Markdown Cell ***
nb['cells'].append(nbf.v4.new_markdown_cell("## Initialize Elasticsearch client"))

# *** Initialize Elasticsearch Code Cell ***
nb['cells'].append(nbf.v4.new_code_cell("""es = Elasticsearch(['http://helk-elasticsearch:9200'])
searchContext = Search(using=es, index='logs-*', doc_type='doc')"""))

# *** Set search query context Makdown Cell ***
nb['cells'].append(nbf.v4.new_markdown_cell("## Set Elasticsearch Query Context"))

# *** Set search query context Code Cell ***
nb['cells'].append(nbf.v4.new_code_cell("s = searchContext.query('query_string', query='event_id:1')"))

# *** Run query and explore response Markdown Cell ***
nb['cells'].append(nbf.v4.new_markdown_cell("## Run query and explore results"))

# *** Run query and explore response Code Cell ***
nb['cells'].append(nbf.v4.new_code_cell("""rresponse = s.execute()
if response.success():
    df = pd.DataFrame((d.to_dict() for d in s.scan()))
df"""))

# *** Create/write Jupyter Notebook **
nbf.write(nb, "es_notebook_nbformat.ipynb")