Querying OpenSearch with Python

Use Python to run search queries against the OpenSearch REST API on your Logit.io stack. This guide covers connection details, Query DSL basics, and a working requests example.

For endpoint, credentials, and ports, see Connect to Your Cluster.

Prerequisites

  • An active Logit.io account with a Logs stack.
  • Python 3.8 or newer.
  • Your OpenSearch API details from Settings → Endpoints on the stack.

Install dependencies

pip install requests

OpenSearch Query DSL

OpenSearch uses a JSON-based Query DSL. Common query types:

  • match — full-text search on analyzed fields
  • term — exact match on keyword fields
  • range — filter by numeric or date ranges (for example @timestamp)

Query with Basic authentication

In Basic (username and password) mode, pass your stack ID and API key to requests as HTTP Basic auth. This is the simplest approach for most Python scripts.

search_logs.py
import requests

# Replace the @opensearch.* placeholders with the values from Settings → Endpoints.
# The https:// scheme is required; without it requests raises MissingSchema.
endpoint = "https://@opensearch.endpointAddress:443"
index = "filebeat-*"
url = f"{endpoint}/{index}/_search"

# Bool query: full-text match on "message", filtered to the last day.
query = {
    "size": 100,
    "query": {
        "bool": {
            "must": [
                {"match": {"message": "error"}}
            ],
            "filter": [
                {"range": {"@timestamp": {"gte": "now-1d/d"}}}
            ]
        }
    }
}

# HTTP Basic auth with the stack's OpenSearch username and password.
response = requests.post(
    url,
    auth=("@opensearch.username", "@opensearch.password"),
    json=query,
    headers={"Content-Type": "application/json"},
    timeout=30,
)

# Fail on 4xx/5xx (for example 401 on bad credentials) before parsing the body.
response.raise_for_status()
results = response.json()

for hit in results["hits"]["hits"]:
    print(hit["_source"])

Replace filebeat-* with the index or index pattern you want to search.
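The scripts on this page send one fixed query and stop at the first `size` hits. As an added example (not Logit.io's code), the helper below assembles the bool query from the match, term and range pieces described under Query DSL, pages through all results with `search_after`, and reads credentials from environment variables instead of hard-coding them; the variable names OPENSEARCH_ENDPOINT, OPENSEARCH_USER and OPENSEARCH_PASS and the `host.name` filter value are assumptions.

```python
import os

# Added example, not Logit.io's code: build the bool query from match/term/range
# parts, page with search_after, and keep credentials out of the source file.

def build_query(text, filters=None, since="now-1d/d", size=100, after=None):
    """Query DSL: match on message, term filters on keyword fields, time range."""
    must = [{"match": {"message": text}}] if text else [{"match_all": {}}]
    filt = [{"term": {k: v}} for k, v in (filters or {}).items()]
    filt.append({"range": {"@timestamp": {"gte": since}}})
    q = {
        "size": size,
        "query": {"bool": {"must": must, "filter": filt}},
        # search_after needs a fixed sort; add a unique tiebreaker field if
        # two documents can share a timestamp.
        "sort": [{"@timestamp": "asc"}],
    }
    if after is not None:
        q["search_after"] = after
    return q

def iter_hits(post, url, text, filters=None, since="now-1d/d", size=100):
    """Yield the _source of every hit, following search_after pages.
    post(url, body) returns parsed JSON; injected so it can be faked offline."""
    after = None
    while True:
        hits = post(url, build_query(text, filters, since, size, after))["hits"]["hits"]
        for hit in hits:
            yield hit["_source"]
        if len(hits) < size:      # short page: no more results
            return
        after = hits[-1]["sort"]  # resume after the last sort value

def make_poster(username, password):
    """Return a post() that calls the _search API with HTTP Basic auth."""
    import requests  # imported here so the pure helpers need no third-party module
    def post(url, body):
        r = requests.post(url, auth=(username, password), json=body, timeout=30)
        r.raise_for_status()
        return r.json()
    return post

if __name__ == "__main__":
    # Hypothetical variable names; set them to your Settings → Endpoints values.
    url = f"https://{os.environ['OPENSEARCH_ENDPOINT']}:443/filebeat-*/_search"
    post = make_poster(os.environ["OPENSEARCH_USER"], os.environ["OPENSEARCH_PASS"])
    for src in iter_hits(post, url, "error", {"host.name": "web-01"}):
        print(src.get("@timestamp"), src.get("message"))
```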

Query with API key authentication

If your stack uses API key mode, pass your stack API key as the apikey query parameter instead of Basic auth.

search_logs_apikey.py
import requests

# Replace the @opensearch.* placeholders with the values from Settings → Endpoints.
# The https:// scheme is required; without it requests raises MissingSchema.
endpoint = "https://@opensearch.endpointAddress:443"
index = "filebeat-*"
url = f"{endpoint}/{index}/_search"

# match_all returns every document in the index pattern, capped at "size" hits.
query = {
    "size": 100,
    "query": {
        "match_all": {}
    }
}

# API key mode: the key travels as the apikey query parameter, not as Basic auth.
response = requests.post(
    url,
    params={"apikey": "@opensearch.apiKey"},
    json=query,
    headers={"Content-Type": "application/json"},
    timeout=30,
)

response.raise_for_status()
print(response.json())
