From c6de7f27f34882b8f679e7f72fe39d5b35d80b8d Mon Sep 17 00:00:00 2001
From: tomryanx <tomryanx@gmail.com>
Date: Wed, 31 Jul 2019 07:19:34 +1000
Subject: [PATCH] add `body` config and ES example

details around manticore's `body` capability, and an example of using it to query elasticsearch in a way that logstash-inputs-elasticsearch cannot (ie with aggs)
---
 docs/index.asciidoc | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/docs/index.asciidoc b/docs/index.asciidoc
index c06e573..196a123 100644
--- a/docs/index.asciidoc
+++ b/docs/index.asciidoc
@@ -62,7 +62,7 @@ output {
 }
 ----------------------------------
 
-Using the HTTP poller with custom a custom CA or self signed cert.
+==== Using the HTTP poller with custom a custom CA or self signed cert.
 
 If you have a self signed cert you will need to convert your server's certificate to a valid# `.jks` or `.p12` file. An easy way to do it is to run the following one-liner, substituting your server's URL for the placeholder `MYURL` and `MYPORT`.
 
@@ -86,6 +86,27 @@ The above snippet will create two files `downloaded_cert.pem` and `downloaded_tr
  }
 ----------------------------------
 
+==== Using Http_poller to query Elasticsearch
+
+This plugin can be used to send a request body to Elasticsearch then process the response. This is especially useful for getting aggregation results.
+
+[source,ruby]
+----------------------------------
+http_poller {
+  urls => {
+    myESurl => {
+      url => "http://localhost:9200/metricbeat-*/_search"
+      body => '{"aggs":{"1":{"avg":{"field":"system.cpu.total.pct"}}},"size":0,"query":{"bool":{"must":[{"range":{"@timestamp":{"gte":"now-10m/m","lte":"now/m"}}}]}}}'
+      method => post
+      headers => {
+        "Content-Type" => "application/json"
+      }
+    }
+  }
+  schedule => { every => "10m" }
+}
+----------------------------------
+
 
 [id="plugins-{type}s-{plugin}-options"]
 ==== Http_poller Input Configuration Options
@@ -98,6 +119,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-user>> |<<string,string>>|no
 | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-automatic_retries>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-body>> |<<string,string>>|no
 | <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|No
@@ -156,6 +178,14 @@ How many times should the client retry a failing URL. We highly recommend NOT se
 to zero if keepalive is enabled. Some servers incorrectly end keepalives early requiring a retry!
 Note: if `retry_non_idempotent` is set only GET, HEAD, PUT, DELETE, OPTIONS, and TRACE requests will be retried.
 
+id="plugins-{type}s-{plugin}-body"]
+===== `body` 
+
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+Request body to send with each request. Note that you must set this per-URL.
+
 [id="plugins-{type}s-{plugin}-cacert"]
 ===== `cacert`