sirianni · December 13, 2016 20:56
diff --git a/script.sh b/script.sh
 curl -v --data @query.json http://localhost:9200/myindex/_search \
    | jq --compact-output --raw-output \
        '.hits.hits[] | ._source | [.["@timestamp"], .user.login, .user.accountName, .user.class, .user.accountType, .request.urlPath] | @csv'
	curl -v --data @query.json http://localhost:9200/myindex/_search \
	\| jq --compact-output --raw-output \
	'.hits.hits[] \| ._source \| [.["@timestamp"], .user.login, .user.accountName, .user.class, .user.accountType, .request.urlPath] \| @csv'