Retrieving information from an Elasticsearch RESTful API on an Elasticsearch filter

I have successfully connected to Elasticsearch to retrieve the results from the _filter.

GET http://##.##.##.##:9200/events-bluechip*/_search
User-Agent: EasyMorph/5.9
Accept: application/json, application/xml
Connection: Keep-Alive
Accept-Encoding: gzip, deflate

It works fine from a GET perspective. Elasticsearch wants you to actually do a POST with the parameters for the query. When you do a POST you get a successful connection and it tells you that you have results, but the results are not shown.

In my case the result set is very large and I only want to return results from the last 24 hours.

So the POST is expecting this in the body:

POST events-bluechip/_search
{
  "_source": ["createdAt", "alertId", "createUser", "fullText"],
  "query": {
    "bool": {
      "filter": [
        { "range": { "createdAt": { "gte": "now-24h", "lte": "now" } } },
        { "match_phrase_prefix": { "fullText": "Ticket logged with INC Number" } }
      ]
    }
  }
}

The net/net:

  1. I can connect to Elasticsearch with both GET and POST.

  2. A GET brings back too much information.

  3. To reduce the amount of information, a query statement must be sent via a POST.

  4. The POST only returns the number of results, but I cannot seem to get the actual results.

  5. EasyMorph GET ignores the body.

  6. POST gives me a body section to put in the query logic but does not pass the results to an EasyMorph table.

Does anyone have a successful Elasticsearch EasyMorph workflow that is querying the filter on the Elasticsearch filter?

Have you tried scoring instead of filtering, like must in your query?
Is your JSON query complete? Specify size > 0 and maybe pagination.

POST events-bluechip/_search
{
  "_source": ["createdAt", "alertId", "createUser", "fullText"],
  "query": {
    "bool": {
      "filter": [
        { "range": { "createdAt": { "gte": "now-24h", "lte": "now" } } }
      ],
      "must": [
        { "match_phrase_prefix": { "fullText": "Ticket logged with INC Number" } }
      ]
    }
  }
}

You were on the right path. I walked my JSON and it was in there. I do the POST and it works and is put into a response column.

I then use the Parse JSON action and it works like a charm.

I am now processing the workflow.

Thank you for your response.

Should have added the JSON for others.

{
  "size": 500,
  "track_total_hits": true,
  "_source": ["createdAt", "alertId", "createUser", "fullText"],
  "query": {
    "bool": {
      "filter": [
        { "range": { "createdAt": { "gte": "{RunDate}", "lte": "{RunDate}" } } },
        { "match_phrase_prefix": { "fullText": "Ticket logged with INC Number" } }
      ]
    }
  }
}

{RunDate} is an EasyMorph parameter so that I can walk the history one day at a time based on my business problem.

Once the data is seeded then I will revert back to last 24 hours daily. The EasyMorph platform is making this business problem less of a problem to deal with.

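The pattern this thread arrives at, as an added Python example (not the posters' EasyMorph workflow): build the one-day search body, then flatten `hits.hits[]._source` from the response into table rows and flag when `size` cut the result short. The function names, the `gte`/`lt` next-day window (used here instead of `{RunDate}` in both bounds) and the sample response are assumptions constructed for illustration.

```python
import json
from datetime import date, timedelta

FIELDS = ["createdAt", "alertId", "createUser", "fullText"]

def build_query(run_date: date, size: int = 500) -> dict:
    """Search body covering one calendar day: [run_date, run_date + 1 day)."""
    next_day = run_date + timedelta(days=1)
    return {
        "size": size,
        "track_total_hits": True,
        "_source": FIELDS,
        "query": {"bool": {"filter": [
            {"range": {"createdAt": {"gte": run_date.isoformat(),
                                     "lt": next_day.isoformat()}}},
            {"match_phrase_prefix": {"fullText": "Ticket logged with INC Number"}},
        ]}},
    }

def flatten_hits(response_text: str) -> tuple[list[dict], int, bool]:
    """Return (rows, total, truncated) from a _search response body."""
    hits = json.loads(response_text)["hits"]
    total = hits["total"]
    if isinstance(total, dict):  # 7.x+ shape: {"value": N, "relation": "eq"}
        total = total["value"]   # older versions return a bare integer
    # One row per hit; a field missing from _source becomes None, not a KeyError.
    rows = [{f: h.get("_source", {}).get(f) for f in FIELDS} for h in hits["hits"]]
    return rows, total, total > len(rows)

# Constructed sample response (not real data): 3 matches reported, 2 returned.
SAMPLE_RESPONSE = json.dumps({
    "took": 4, "timed_out": False,
    "hits": {"total": {"value": 3, "relation": "eq"}, "max_score": 0.0, "hits": [
        {"_index": "events-bluechip-000001", "_id": "a1", "_score": 0.0,
         "_source": {"createdAt": "2024-05-01T08:15:00Z", "alertId": "ALERT-1",
                     "createUser": "svc-monitor",
                     "fullText": "Ticket logged with INC Number INC0000001"}},
        {"_index": "events-bluechip-000001", "_id": "a2", "_score": 0.0,
         "_source": {"createdAt": "2024-05-01T09:40:00Z", "alertId": "ALERT-2",
                     "fullText": "Ticket logged with INC Number INC0000002"}},
    ]},
})

if __name__ == "__main__":
    print(json.dumps(build_query(date(2024, 5, 1)), indent=2))
    rows, total, truncated = flatten_hits(SAMPLE_RESPONSE)
    print(f"{len(rows)} of {total} rows returned, truncated={truncated}")
```

When `truncated` is true, the day's window matched more documents than `size` allowed, so the remaining hits need a larger `size` or pagination before the day is treated as fully loaded.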