Create a search for IOCs

JA_cintegration · October 9, 2024, 1:17pm

Trying to create a query search for IPs found in the last 24 hours.
I have been testing with:

GET /index/_search

{
  "query": {
    "match": {
      "event.category": "network"
    }
  }
}

Or:
POST /*index_name*/_async_search

{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-24h",
        "lt": "now"
      }
    }
  },
  "size": 10
}

Or:

POST /index_name*/_async_search?size=0
including:
POST /index_name*/_async_search?wait_for_completion_timeout=200ms

{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-24h",
        "lt": "now"
      }
    }
  },
  "size": 10
}

I have also used GET /_search and POST /_search but in some cases Im able to get an id but the hits are 0. I can search for the id by using the: GET /_async_search/ but once again I get 0 for hits.

nfeekery · October 15, 2024, 3:12pm

From Elastic Search to Elasticsearch

nfeekery · October 15, 2024, 3:12pm

Removed elastic-app-search

system · November 12, 2024, 3:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch return search response very quickly with timeout:true Elasticsearch docker	9	673	February 7, 2023
Search for last 24 hours logs based on field? Elasticsearch	2	4548	April 5, 2020
Async query not returning results + search context failures Elasticsearch	14	1764	October 26, 2020
No search context found for id Elasticsearch	4	164	September 6, 2024
A problem when I search data from "now-24h" to "now" Elasticsearch	2	2755	July 27, 2018

Create a search for IOCs

Related topics