TIL: You can query the SAL using Elasticsearch's API directly.
See Elastic's Match Query docs and the Toolforge Elasticsearch docs for an explanation.
    #!/usr/bin/env bash
    ELASTIC='http://elasticsearch.svc.tools.eqiad1.wikimedia.cloud'
    curl -XGET -H'Content-type: application/json' "$ELASTIC"'/sal/_search?pretty=true' -d '
    {
      "query": {
        "match": {
          "message": {
            "query": "SOME QUERY",
            "operator": "AND"
          }
        }
      },
      "sort": [{"@timestamp": "asc"}]
    }'
You can also use bool queries.
For example, the first time I ran scap:
    #!/usr/bin/env bash
    ELASTIC='http://elasticsearch.svc.tools.eqiad1.wikimedia.cloud'
    curl -XGET -H'Content-type: application/json' "$ELASTIC"'/sal/_search?pretty=true' -d '
    {
      "query": {
        "bool": {
          "must": [
            {"match": {"nick": "thcipriani"}},
            {"match": {"project": "production"}},
            {"match": {"message": {"query": "started scap", "operator": "AND"}}}
          ]
        }
      },
      "sort": [{"@timestamp": "asc"}]
    }'
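The bool query above, generalized into an added Python example (not code from the original note): it builds the request body with a JSON encoder, so a search term containing quotes cannot break the body, and it optionally bounds the search to a time window on `@timestamp`. The function names, the `size` default and the sample response are assumptions constructed for illustration; the endpoint and field names are the ones used above.

```python
import json
import urllib.request

# Endpoint and field names (nick, project, message, @timestamp) come from the note.
ELASTIC = "http://elasticsearch.svc.tools.eqiad1.wikimedia.cloud"

def build_sal_query(message=None, nick=None, project=None,
                    since=None, until=None, size=50):
    """Return a bool-query body in which every supplied criterion must match."""
    must = []
    if nick:
        must.append({"match": {"nick": nick}})
    if project:
        must.append({"match": {"project": project}})
    if message:
        must.append({"match": {"message": {"query": message, "operator": "AND"}}})
    bounds = {k: v for k, v in (("gte", since), ("lte", until)) if v}
    if not must and not bounds:
        # An empty bool query matches every document; refuse it explicitly.
        raise ValueError("give at least one search criterion")
    bool_query = {"must": must}
    if bounds:
        # Range filter restricts hits to a time window without affecting scoring.
        bool_query["filter"] = [{"range": {"@timestamp": bounds}}]
    return {"query": {"bool": bool_query},
            "sort": [{"@timestamp": "asc"}], "size": size}

def search_sal(body, base=ELASTIC, timeout=10):
    """Send the body to /sal/_search (POST is equivalent to curl's GET with -d)."""
    req = urllib.request.Request(base + "/sal/_search",
                                 data=json.dumps(body).encode("utf-8"),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def format_hits(response):
    """Flatten a search response into 'timestamp project <nick> message' lines."""
    lines = []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        lines.append("{} {} <{}> {}".format(src.get("@timestamp", "?"),
                     src.get("project", "?"), src.get("nick", "?"), src.get("message", "")))
    return lines

# Constructed sample response (not real SAL data), so the example runs offline.
SAMPLE_RESPONSE = {"hits": {"hits": [{"_source": {
    "@timestamp": "2020-01-01T00:00:00", "project": "production",
    "nick": "example-user", "message": "started scap: constructed entry"}}]}}

if __name__ == "__main__":
    print(json.dumps(build_sal_query(message="started scap", project="production"), indent=2))
    print("\n".join(format_hits(SAMPLE_RESPONSE)))
```

Pass the result of `build_sal_query(...)` to `search_sal()` from a host that can reach the endpoint, then feed the response to `format_hits()`.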