Using Kibana API as an Elasticsearch Proxy

While searching for an elasticsearch tail -f, I stumble upon this nice piece of software that does exactly that. Reading the configuration file I noticed the server_kibana-proxy section and wondered if that meant that elasticsearch could be queried via kibana, and it turns out that yes, you don’t have to expose ES port (:9200), you can use kibana’s API instead, in particular the console API to be able to query ES directly.

Here’s the magic command:

$ curl -H "Authorization: APiKey XXX" \
  -H "kbn-version: x.y.z" \
    -H "Content-Type: application/json" \
    "https://kibana/api/console/proxy/path=/index/_search&method=POST" \
    -d '{"query":{"match_all":{}}'

• here’s a great article on how to get an API key https://techexpert.tips/elasticsearch/elasticsearch-authentication-using-api/ but out of lazyness you can also use your ES credentials either using ${HOME}/.netrc or the command line with -u username:password
• the kbn-version header is also mandatory and it corresponds to your kibana version, i.e. 8.4.0
• in the query URL, possibly change the index to yours
• then like a standard elasticsearch query, pass it as data

Greetings to this gist which put me on track.