REST API query question

f26227279 · July 24, 2018, 9:13am

Hi, I want to filter out the Sum_PKTS which value is lower than 10.
How could I merge the two query string?
Is it possible?

{
   "range":{
        "Sum_PKTS":{
                "gte": 10
              }
       }
}

--

GET /_search
{
  "size" : 0,
  "query": {
    "bool": {
      "should": [
        {
            "match":{"IPV4_DST_ADDR":"192.168.0.0/16"}
        },
        {
            "match":{"IPV4_SRC_ADDR":"192.168.0.0/16"}
        }
      ],
      "minimum_should_match": 1,
      "must":[
        {
          "range":{
            "@timestamp":{
            "gte":"now-5m"
            }
          }
        }
      ]
    }
  },
    "aggs": {
      "DST_Local_IP": {
        "filter": {
          "bool": {
            "filter": {
                "match":{"IPV4_DST_ADDR":"192.168.0.0/16"}
              }
            }
          },
          "aggs": {
                "genres":{
                    "terms" : {
					"field" : "IPV4_DST_ADDR" ,
					"order" : { "Sum_PKTS" : "desc" }
                    },
                    "aggs":{
			         "Sum_PKTS": {
					 "sum" : { "field" : "Packet" }
                    }
              }
            }
          }
      }, 
      "SRC_Local_IP": {
      "filter": {
        "bool": { 
          "filter": {
              "match":{"IPV4_SRC_ADDR":"192.168.0.0/16"}
            }
          }
        },
		"aggs": {
            "genres":{
                "terms" : {
                    "field" : "IPV4_SRC_ADDR" ,
                    "order" : { "Sum_PKTS" : "desc" }
                    },
                    "aggs":{
				    "Sum_PKTS": {
					"sum" : { "field" : "Packet" }
                }
              }
            }
          }
      }
  }
}

thank you in advance!

system · August 21, 2018, 9:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.