Query Reports

User query data is stored in elasticsearch with the index name querylogs, it can be viewed by accessing https://localhost:9200/_cat/indices.

The data related to queries in the index can be accessed here https://localhost:9200/querylogs/_search?pretty=true.

• You can also filter the data related to queries using Using SQL for Querylogs and Topviewed

Viewing Queries in Kibana

• Kibana can be used to view and search queries from querylogs index in elasticsearch, and generate reports based on the queries.
• The index name that has to be added in the Kibana settings is querylogs.

You can search and generate reports after adding the querylogs index in Kibana.

📘

Additional Note:

To get to know more about Kibana in SearchBlox please check the link:
Kibana Visualizations

Deleting or clearing data from querylog index

Data in the querylog index or the search queries stored in elasticsearch index can be deleted from Kibana using Dev Tools by sending ar clear request to elasticsearch.

• Go to Kibana and access Dev Tools

• Give the following POST request to clear all the data from querylogs index.

POST querylogs/_delete_by_query
{
  "query": {
    "match_all": {}
  }
}

• If you want to delete using date range then give the POST request with date range as shown.

POST querylogs/_delete_by_query
{
 "query": {
 "range" : {
 "created" : {
 "gte" : "2020-01-01T00:00:00",
 "lt" : "2020-06-12T00:00:00"
 }
 }
 }
}

The response would be:

Viewing Queries From Logs

The following log files contain the entry data for searches made in SearchBlox by all users.

• query.log: all search queries.
• data.log: indexed data based on user searches.
  These log files are available here: <SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/logs

🚧

Important Information:

Query logs are deleted that is, log rotation is done once every 14 days.