Elasticsearch query

Hey everyone!

I'm new to Grafana, and I would like to use a query like this one (or even more complicated ones), but I don't know if Grafana will support something like this (I think Grafana doesn't support nested objects…). If anyone has any solution (I would like to filter based on a specific affected product or a specific version of a product, so I can generate alerts…)

  • each CVE may have more than one affected product (or more than one version of a product)… so this makes it more complex using Grafana, I think…

Thank you for your help everyone.

```bash
curl -X POST "http://localhost:9200/cve_details/_search?pretty" -H 'Content-Type: application/json' -d'
{
  "query": {
    "nested": {
      "path": "SoftwareAffected",
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "SoftwareAffected.Product.keyword": "******"
              }
            }
          ]
        }
      }
    }
  }
}'
```

Here is my data structure (I'm using Elasticsearch as the data source):

```bash
curl -X GET "http://localhost:9200/cve_details/_mapping?pretty"
```

```json
{
  "cve_details" : {
    "mappings" : {
      "properties" : {
        "AssignerShortName" : {
          "type" : "keyword"
        },
        "BaseScore" : {
          "type" : "keyword"
        },
        "BaseSeverity" : {
          "type" : "keyword"
        },
        "CVE ID" : {
          "type" : "keyword"
        },
        "Description" : {
          "type" : "keyword"
        },
        "Publication Date" : {
          "type" : "date"
        },
        "Reference Links" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword"
            }
          }
        },
        "Software Affected" : {
          "type" : "nested",
          "properties" : {
            "CPEs" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "Product" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "Vendor" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 256
                }
              }
            },
            "Versions" : {
              "properties" : {
                "LessThan" : {
                  "type" : "text",
                  "fields" : {
                    "keyword" : {
                      "type" : "keyword",
                      "ignore_above" : 256
                    }
                  }
                },
                "Status" : {
                  "type" : "text",
                  "fields" : {
                    "keyword" : {
                      "type" : "keyword",
                      "ignore_above" : 256
                    }
                  }
                },
                "Version" : {
                  "type" : "text",
                  "fields" : {
                    "keyword" : {
                      "type" : "keyword",
                      "ignore_above" : 256
                    }
                  }
                }
              }
            }
          }
        },
        "Updated Date" : {
          "type" : "date"
        }
      }
    }
  }
}
```
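As an added example (not part of the original post or of Grafana/Elasticsearch themselves), the script below builds the product-and-version nested query the poster wants and shows, on constructed sample documents shaped like the posted mapping, why the `nested` type matters for vulnerability alerting: with a plain `object` mapping the product condition and the version condition could be satisfied by two different affected-product entries, producing a false alert. It assumes the field names from the posted mapping, in particular the nested path `Software Affected` with a space (the posted query uses `SoftwareAffected`, which does not exist in that mapping), and that `Versions` is a plain object inside each nested entry, so its `Version` values are flattened within one product entry. The CVE IDs, vendors, products and versions in the sample data are placeholders, not real records.

```python
"""Added example: emulate nested vs. flattened matching on sample CVE documents
and build the Elasticsearch request body for a product/version filter.
Field names follow the poster's mapping; all document values are constructed."""
import json

# Constructed sample documents shaped like the poster's mapping (placeholder data).
DOCS = [
    {
        "CVE ID": "CVE-0000-0001",  # placeholder, not a real CVE
        "Software Affected": [
            {"Vendor": "acme", "Product": "widget",
             "Versions": [{"Version": "1.0", "Status": "affected"}]},
            {"Vendor": "acme", "Product": "gadget",
             "Versions": [{"Version": "2.0", "Status": "affected"}]},
        ],
    },
    {
        "CVE ID": "CVE-0000-0002",  # placeholder, not a real CVE
        "Software Affected": [
            {"Vendor": "acme", "Product": "widget",
             "Versions": [{"Version": "2.0", "Status": "affected"}]},
        ],
    },
]

# Path as it appears in the posted mapping (with a space).
NESTED_PATH = "Software Affected"


def build_nested_query(product, version=None):
    """Return the request body for: CVEs where ONE affected-product entry has
    this Product and, if given, this Version. Uses the .keyword sub-fields
    from the mapping so the match is exact rather than analyzed."""
    must = [{"match": {f"{NESTED_PATH}.Product.keyword": product}}]
    if version is not None:
        must.append({"match": {f"{NESTED_PATH}.Versions.Version.keyword": version}})
    return {"query": {"nested": {"path": NESTED_PATH,
                                 "query": {"bool": {"must": must}}}}}


def _entry_matches(entry, product, version):
    """Evaluate both conditions against a single nested entry."""
    if entry.get("Product") != product:
        return False
    if version is None:
        return True
    # Versions is a plain object in the mapping, so within one product entry
    # every Version value is visible to the match (flattened at that level).
    return any(v.get("Version") == version for v in entry.get("Versions", []))


def nested_hits(docs, product, version=None):
    """Nested semantics: product and version must hold in the SAME entry."""
    return [d["CVE ID"] for d in docs
            if any(_entry_matches(e, product, version) for e in d[NESTED_PATH])]


def flattened_hits(docs, product, version=None):
    """Plain-object semantics: each condition may be met by a DIFFERENT entry,
    so a CVE for gadget 2.0 can wrongly match a query for widget 2.0."""
    out = []
    for d in docs:
        entries = d[NESTED_PATH]
        products = {e.get("Product") for e in entries}
        versions = {v.get("Version") for e in entries for v in e.get("Versions", [])}
        if product in products and (version is None or version in versions):
            out.append(d["CVE ID"])
    return out


if __name__ == "__main__":
    print(json.dumps(build_nested_query("widget", "2.0"), indent=2))
    print("nested   :", nested_hits(DOCS, "widget", "2.0"))     # only CVE-0000-0002
    print("flattened:", flattened_hits(DOCS, "widget", "2.0"))  # both, one is a false positive
```

The `build_nested_query` body is what the poster's `curl -d` payload should carry once the path is corrected; the two emulators exist only to make the difference visible offline. For alerting, the nested form is the one to rely on, because the flattened form fires on a CVE whose affected version belongs to a different product in the same document.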

Please clean up the JSON data you posted; as is, it is not usable. So, from this JSON, which part of the data do you want to visualize, and in what visualization?