psimoesSsimoes/elastic_surrond.sh

## elastic_surrond.sh
#!/bin/bash

helpFunction()
{
   echo ""
   echo "Usage: $0 --elastic_url --sort <sort_id> --around <number_of_entries> --filter <jq filter>"
   echo -e "\t--elastic_url the elasticsearch url"
   echo -e "\t--sort sort field found on json entry, corresponding to an unix timestamp"
   echo -e "\t--size number of surrounding documents"
   echo -e "\t--filter is the jq filter you want to use"
   exit 1
}

ARGUMENT_LIST=(
    "url"
    "sort"
    "around"
    "size"
    "filter"
)


# read arguments
opts=$(getopt \
    --longoptions "$(printf "%s:," "${ARGUMENT_LIST[@]}")" \
    --name "$(basename "$0")" \
    --options "" \
    -- "$@"
)

eval set --$opts

while [[ $# -gt 0 ]]; do
    case "$1" in
        --sort)
            sort=$2
            shift 2
            ;;

        --around)
            aroun=$2
            shift 2
            ;;

         --filter)
            filter=$2
            shift 2
            ;;

          --url)
            url=$2
            shift 2
            ;;

        --) shift ; break ;;
    esac
done

# Print helpFunction in case parameters are empty
if [ -z "$sort" ] || [ -z "$around" ] || [ -z "$filter" ] || [ -z "$url" ]
then
   echo "Some or all of the parameters are empty";
   helpFunction
fi


c=$(( $sort + 86400000 ))
d=$(( $sort + 1985122 ))

curl  'https://$url/elasticsearch/_msearch?rest_total_hits_as_int=true&ignore_throttled=true' -H 'User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0' -H 'Accept: application/json, text/plain, */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'content-type: application/x-ndjson' -H 'kbn-version: 6.6.0' -H 'Connection: keep-alive' -H 'TE: Trailers' --data-raw $'{\"index\":\"logstash-default*\",\"ignore_unavailable\":true,\"preference\":'$d$'}\n{\"size\":'$size$',\"search_after\":['$sort$',20707492],\"sort\":[{\"@timestamp\":{\"order\":\"asc\",\"unmapped_type\":\"boolean\"}},{\"_doc\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"version\":true,\"_source\":{\"excludes\":[]},\"stored_fields\":[\"*\"],\"script_fields\":{},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"date_time\"}],\"query\":{\"bool\":{\"must\":[{\"constant_score\":{\"filter\":{\"range\":{\"@timestamp\":{\"format\":\"epoch_millis\",\"gte\":'$sort$',\"lte\":'$c$'}}}}}],\"filter\":[],\"should\":[],\"must_not\":[]}},\"timeout\":\"30000ms\"}\n{\"index\":\"logstash-default*\",\"ignore_unavailable\":true,\"preference\":'$d$'}\n{\"size\":5,\"search_after\":['$sort$',20707492],\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}},{\"_doc\":{\"order\":\"asc\",\"unmapped_type\":\"boolean\"}}],\"version\":true,\"_source\":{\"excludes\":[]},\"stored_fields\":[\"*\"],\"script_fields\":{},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"date_time\"}],\"query\":{\"bool\":{\"must\":[{\"constant_score\":{\"filter\":{\"range\":{\"@timestamp\":{\"format\":\"epoch_millis\",\"lte\":'$sort$',\"gte\":'$c$'}}}}}],\"filter\":[],\"should\":[],\"must_not\":[]}},\"timeout\":\"30000ms\"}\n' | jq '.responses[0].hits.hits[] | $filter'
	#!/bin/bash

	helpFunction()
	{
	echo ""
	echo "Usage: $0 --elastic_url --sort <sort_id> --around <number_of_entries> --filter <jq filter>"
	echo -e "\t--elastic_url the elasticsearch url"
	echo -e "\t--sort sort field found on json entry, corresponding to an unix timestamp"
	echo -e "\t--size number of surrounding documents"
	echo -e "\t--filter is the jq filter you want to use"
	exit 1
	}

	ARGUMENT_LIST=(
	"url"
	"sort"
	"around"
	"size"
	"filter"
	)


	# read arguments
	opts=$(getopt \
	--longoptions "$(printf "%s:," "${ARGUMENT_LIST[@]}")" \
	--name "$(basename "$0")" \
	--options "" \
	-- "$@"
	)

	eval set --$opts

	while [[ $# -gt 0 ]]; do
	case "$1" in
	--sort)
	sort=$2
	shift 2
	;;

	--around)
	aroun=$2
	shift 2
	;;

	--filter)
	filter=$2
	shift 2
	;;

	--url)
	url=$2
	shift 2
	;;

	--) shift ; break ;;
	esac
	done

	# Print helpFunction in case parameters are empty
	if [ -z "$sort" ] \|\| [ -z "$around" ] \|\| [ -z "$filter" ] \|\| [ -z "$url" ]
	then
	echo "Some or all of the parameters are empty";
	helpFunction
	fi



	c=$(( $sort + 86400000 ))
	d=$(( $sort + 1985122 ))

	curl 'https://$url/elasticsearch/_msearch?rest_total_hits_as_int=true&ignore_throttled=true' -H 'User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0' -H 'Accept: application/json, text/plain, /' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'content-type: application/x-ndjson' -H 'kbn-version: 6.6.0' -H 'Connection: keep-alive' -H 'TE: Trailers' --data-raw $'{\"index\":\"logstash-default\",\"ignore_unavailable\":true,\"preference\":'$d$'}\n{\"size\":'$size$',\"search_after\":['$sort$',20707492],\"sort\":[{\"@timestamp\":{\"order\":\"asc\",\"unmapped_type\":\"boolean\"}},{\"_doc\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"version\":true,\"_source\":{\"excludes\":[]},\"stored_fields\":[\"\"],\"script_fields\":{},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"date_time\"}],\"query\":{\"bool\":{\"must\":[{\"constant_score\":{\"filter\":{\"range\":{\"@timestamp\":{\"format\":\"epoch_millis\",\"gte\":'$sort$',\"lte\":'$c$'}}}}}],\"filter\":[],\"should\":[],\"must_not\":[]}},\"timeout\":\"30000ms\"}\n{\"index\":\"logstash-default\",\"ignore_unavailable\":true,\"preference\":'$d$'}\n{\"size\":5,\"search_after\":['$sort$',20707492],\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}},{\"_doc\":{\"order\":\"asc\",\"unmapped_type\":\"boolean\"}}],\"version\":true,\"_source\":{\"excludes\":[]},\"stored_fields\":[\"\"],\"script_fields\":{},\"docvalue_fields\":[{\"field\":\"@timestamp\",\"format\":\"date_time\"}],\"query\":{\"bool\":{\"must\":[{\"constant_score\":{\"filter\":{\"range\":{\"@timestamp\":{\"format\":\"epoch_millis\",\"lte\":'$sort$',\"gte\":'$c$'}}}}}],\"filter\":[],\"should\":[],\"must_not\":[]}},\"timeout\":\"30000ms\"}\n' \| jq '.responses[0].hits.hits[] \| $filter'