{"id":"0b7fcb4b-e399-4e95-b96c-dc0a22e65725","shortId":"m4WW84","kind":"skill","title":"elasticsearch","tagline":"Query Elasticsearch logs, APM traces, and errors via curl — index patterns, field names, auth setup, and time-range syntax","description":"Query application logs, APM traces, and errors using the Elasticsearch REST API directly.\n\nAuth: `Authorization: ApiKey $ES_API_KEY` against `$ES_URL`.\n\n## Time range syntax\n\nPass `time_range` as a string like `15m`, `1h`, `24h`, `7d`. Translates to `now-{value}{unit}` in ES range filters.\n\n## Query logs\n\nSearch application logs. Index: `logs-*`. Sorted by `@timestamp` desc.\n\n```bash\nES_QUERY='{\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"YOUR LUCENE QUERY HERE\"}},{\"range\":{\"@timestamp\":{\"gte\":\"now-1h\"}}}]}},\"_source\":[\"@timestamp\",\"message\",\"log.level\",\"service.name\",\"trace.id\"],\"sort\":[{\"@timestamp\":\"desc\"}],\"size\":100}'\n\ncurl -s -X POST \"$ES_URL/logs-*/_search\" \\\n  -H \"Authorization: ApiKey $ES_API_KEY\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \"$ES_QUERY\" \\\n  | jq '.hits.hits[]._source | {ts: .[\"@timestamp\"], level: .[\"log.level\"], svc: .[\"service.name\"], msg: .message}'\n```\n\nAdd a service filter by inserting a `term` clause into the `must` array:\n```json\n{\"term\": {\"service.name\": \"my-service\"}}\n```\n\n## Query APM traces\n\nFind slow transactions. Index: `traces-apm*`. 
Sorted by duration desc.\n\n```bash\n# min_duration_ms converts to microseconds: 500ms → 500000us\nMIN_US=500000\n\nES_QUERY=\"{\\\"query\\\":{\\\"bool\\\":{\\\"must\\\":[{\\\"range\\\":{\\\"@timestamp\\\":{\\\"gte\\\":\\\"now-1h\\\"}}},{\\\"range\\\":{\\\"transaction.duration.us\\\":{\\\"gte\\\":$MIN_US}}}]}},\\\"_source\\\":[\\\"@timestamp\\\",\\\"service.name\\\",\\\"transaction.name\\\",\\\"transaction.duration.us\\\",\\\"transaction.result\\\",\\\"trace.id\\\"],\\\"sort\\\":[{\\\"transaction.duration.us\\\":\\\"desc\\\"}],\\\"size\\\":50}\"\n\ncurl -s -X POST \"$ES_URL/traces-apm*/_search\" \\\n  -H \"Authorization: ApiKey $ES_API_KEY\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \"$ES_QUERY\" \\\n  | jq '.hits.hits[]._source | {ts: .[\"@timestamp\"], svc: .[\"service.name\"], tx: .[\"transaction.name\"], ms: (.[\"transaction.duration.us\"] / 1000 | round), result: .[\"transaction.result\"]}'\n```\n\n## Query APM errors\n\nFind exceptions and error groups. Index: `logs-apm.error-*`. 
Sorted by `@timestamp` desc.\n\n```bash\nES_QUERY='{\"query\":{\"bool\":{\"must\":[{\"exists\":{\"field\":\"error.exception\"}},{\"range\":{\"@timestamp\":{\"gte\":\"now-1h\"}}}]}},\"_source\":[\"@timestamp\",\"error.exception.type\",\"error.exception.message\",\"error.grouping_key\",\"service.name\",\"transaction.name\"],\"sort\":[{\"@timestamp\":\"desc\"}],\"size\":50}'\n\ncurl -s -X POST \"$ES_URL/logs-apm.error-*/_search\" \\\n  -H \"Authorization: ApiKey $ES_API_KEY\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \"$ES_QUERY\" \\\n  | jq '.hits.hits[]._source | {ts: .[\"@timestamp\"], svc: .[\"service.name\"], type: .[\"error.exception.type\"], msg: .[\"error.exception.message\"]}'\n```\n\n## Tips\n\n- `query_string` uses Lucene syntax: `error AND timeout`, `level:ERROR`, `message:\"connection refused\"`\n- To count by service: append `,\"aggs\":{\"by_svc\":{\"terms\":{\"field\":\"service.name\",\"size\":10}}}` and read `.aggregations.by_svc.buckets`\n- `trace.id` links logs ↔ traces ↔ errors across indices\n- If `$ES_API_KEY` is missing, ensure the variable is set in your environment (open a new shell)","tags":["elasticsearch","dotfiles","athal7","agent-skills"],"capabilities":["skill","source-athal7","skill-elasticsearch","topic-agent-skills"],"categories":["dotfiles"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/athal7/dotfiles/elasticsearch","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add athal7/dotfiles","source_repo":"https://github.com/athal7/dotfiles","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 6 github stars · SKILL.md body (3,024 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:14:34.633Z","embedding":null,"createdAt":"2026-05-18T13:22:29.522Z","updatedAt":"2026-05-18T19:14:34.633Z","lastSeenAt":"2026-05-18T19:14:34.633Z","prices":[{"id":"2b9b2a7d-aa94-4092-85ae-84efdacf6a36","listingId":"0b7fcb4b-e399-4e95-b96c-dc0a22e65725","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"athal7","category":"dotfiles","install_from":"skills.sh"},"createdAt":"2026-05-18T13:22:29.522Z"}],"sources":[{"listingId":"0b7fcb4b-e399-4e95-b96c-dc0a22e65725","source":"github","sourceId":"athal7/dotfiles/elasticsearch","sourceUrl":"https://github.com/athal7/dotfiles/tree/main/skills/elasticsearch","isPrimary":false,"firstSeenAt":"2026-05-18T13:22:29.522Z","lastSeenAt":"2026-05-18T19:14:34.633Z"}],"details":{"listingId":"0b7fcb4b-e399-4e95-b96c-dc0a22e65725","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"athal7","slug":"elasticsearch","github":{"repo":"athal7/dotfiles","stars":6,"topics":["agent-skills"],"license":null,"html_url":"https://github.com/athal7/dotfiles","pushed_at":"2026-05-18T18:53:57Z","description":null,"skill_md_sha":"810e4c8edd5c2446f1178886d37acd0de6112d30","skill_md_path":"skills/elasticsearch/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/athal7/dotfiles/tree/main/skills/elasticsearch"},"layout":"multi","source":"github","category":"dotfiles","frontmatter":{"name":"elasticsearch","license":"MIT","description":"Query Elasticsearch logs, APM traces, and errors via curl — index patterns, field names, auth setup, and time-range syntax"},"skills_sh_url":"https://skills.sh/athal7/dotfiles/elasticsearch"},"updatedAt":"2026-05-18T19:14:34.633Z"}}