How to save search filter automatically using CURL command

Hi,
When i’m trying to save a search filter i’m getting the error. Please find the below output.

[root@example ~]# curl -XPUT http://localhost:9200/.kibana/search/http-response-200 -d '{"_id": "523c22b0-fa06-11e7-9220-ab1ecb28a04f","_type": "search","_source": {"title": "http-response-200","description": "","hits": 0,"columns": ["_source"],"sort": ["@timestamp","desc"],"version": 1,"kibanaSavedObjectMeta": {"searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"http.response.code: 200\",\"analyze_wildcard\":true}},\"filter\":[]}"}}}'
{"error":{"root_cause":[{"type":"mapper_parsing_exception","reason":"Field [_id] is a metadata field and cannot be added inside a document. Use the index API request parameters."}],"type":"mapper_parsing_exception","reason":"Field [_id] is a metadata field and cannot be added inside a document. Use the index API request parameters."},"status":400}

Error message is pretty self explanatory if you ask me, “Field [_id] is a metadata field and cannot be added inside a document. Use the index API request parameters.”.
Your request needs to look like this instead:

curl -XPUT "http://localhost:9200/.kibana/search/http-response-200" -d '{
  "title": "http-response-200",
  "description": "",
  "hits": 0,
  "columns": ["_source"],
  "sort": ["@timestamp","desc"],
  "version": 1,
  "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"http.response.code: 200\",\"analyze_wildcard\":true}},\"filter\":[]}"}
}'

Thank you.

Its working.
Can you also tell me how to save this search filter as visualization filer.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.