Hi all,
Getting a 400 error while trying to fetch the total count of IPs connecting to our system and then sort the IP list to get the top 5.
We have Kibana version 7.8 installed.
Requirement:
Get the list of top 5 IPs connecting to our system in the last 30 minutes.
Command used:

curl -ks -u "user:password" -H 'Content-Type: application/json' -XGET 'https://<Elastic_IP>/logstash-yyyy.mm.dd/_count?pretty' -d '{
  "aggs": {
    "2": {
      "terms": {
        "field": "ap_client_ip.keyword",
        "order": {
          "_count": "desc"
        },
        "size": 5
      },
      "aggs": {
        "3": {
          "terms": {
            "field": "geoip.country_name.keyword",
            "order": {
              "_count": "desc"
            },
            "size": 5
          }
        }
      }
    }
  },
  "size": 0,
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    },
    {
      "field": "event_timestamp",
      "format": "date_time"
    }
  ],
  "_source": {
    "excludes": []
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "bool": {
            "filter": [
              {
                "bool": {
                  "should": [
                    {
                      "match_phrase": {
                        "application": "apache"
                      }
                    }
                  ],
                  "minimum_should_match": 1
                }
              },
              {
                "bool": {
                  "should": [
                    {
                      "match_phrase": {
                        "environment": "PROD"
                      }
                    }
                  ],
                  "minimum_should_match": 1
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "gt": "now-30m",
              "format": "strict_date_optional_time"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}'
Output received:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "request does not support [aggs]",
        "line" : 2,
        "col" : 3
      }
    ],
    "type" : "parsing_exception",
    "reason" : "request does not support [aggs]",
    "line" : 2,
    "col" : 3
  },
  "status" : 400
}
Can someone please check the command used and advise?
P.S. Checked the doc but cannot identify what is missing.
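The error above is raised because the _count API accepts only a "query"; a terms aggregation has to go through the _search API, with "size": 0 so that no hits are returned and only the buckets come back. The following is an added example (not the poster's code) that builds the equivalent request body for the top-5-IPs requirement and reads the buckets out of the reply; the URL is a placeholder and the response is a constructed sample shaped like a real _search reply.

```python
"""Top-N client IPs in the last 30 minutes via a terms aggregation on _search."""
import json

# Placeholder host/index, same as in the post; note /_search, not /_count.
ES_URL = "https://<Elastic_IP>/logstash-yyyy.mm.dd/_search"


def build_top_ip_query(minutes=30, top_n=5):
    """Request body: the post's filters plus a terms agg on the client IP,
    ordered by document count. size=0 suppresses hits; only buckets return."""
    return {
        "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {"match_phrase": {"application": "apache"}},
                    {"match_phrase": {"environment": "PROD"}},
                    {"range": {"@timestamp": {"gt": f"now-{minutes}m"}}},
                ]
            }
        },
        "aggs": {
            "top_ips": {
                "terms": {
                    "field": "ap_client_ip.keyword",
                    "order": {"_count": "desc"},
                    "size": top_n,
                }
            }
        },
    }


def top_ips_from_response(resp):
    """Return [(ip, doc_count), ...] from the terms-aggregation buckets."""
    return [(b["key"], b["doc_count"])
            for b in resp["aggregations"]["top_ips"]["buckets"]]


# Constructed sample reply (not captured data), in the shape _search returns.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 534, "relation": "eq"}, "hits": []},
    "aggregations": {"top_ips": {"sum_other_doc_count": 0, "buckets": [
        {"key": "203.0.113.10", "doc_count": 300},
        {"key": "198.51.100.7", "doc_count": 150},
        {"key": "192.0.2.44", "doc_count": 84},
    ]}},
}

if __name__ == "__main__":
    print(json.dumps(build_top_ip_query(), indent=2))  # body to POST to ES_URL
    for ip, n in top_ips_from_response(SAMPLE_RESPONSE):
        print(f"{ip:>15}  {n}")
```

The total number of matching documents is in hits.total.value of the same reply, so one _search call covers both the count and the top-5 list.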