This processor is intended for use with the Elasticsearch JSON DSL and Elasticsearch 5.X and newer. It is designed to be able to take a query from Kibana and execute it as-is against an Elasticsearch cluster. Like all processors in the "restapi" bundle, it uses the official Elastic client APIs, so it supports leader detection.

The query to execute can be provided either in the Query configuration property or in an attribute on a flowfile. In the latter case, the name of the attribute (Expression Language is supported here) must be provided in the Query Attribute property.

Additionally, search results and aggregation results can be split up into multiple flowfiles. Aggregation results will only be split at the top level because nested aggregations lose their context (and thus lose their value) if separated from their parent aggregation. The following is an example query that would be accepted:

        {
            "query": {
                "match": {
                    "restaurant.keyword": "Local Pizzaz FTW Inc"
                }
            },
            "aggs": {
                "weekly_sales": {
                  "date_histogram": {
                    "field": "date",
                    "interval": "week"
                  },
                  "aggs": {
                    "items": {
                      "terms": {
                        "field": "product",
                        "size": 10
                      }
                    }
                  }
                }
            }
        }