Hey Folks,
Can someone please help me on constructing curl based query on src_ip and agg: those for last 24 hours?
here is something I constructed based on count and need help with for timerange
curl -s -XGET "https://127.0.0.1:9200/lox-*/_search" -H 'Content-Type: application/json' -d'
{
"aggs": {
"ips": {
"terms": { "field": "src_ip.keyword", "size": 1000 }
}
},
"size" : 0
}'
}
may be this I tried but not sure how do I agg:src_ip for last 24 hrs.
curl -XGET 'https://127.0.01:9200/lox-*/_search?pretty' -H 'Content-Type: application/json' -d'
{
"query": {
"range" : {
"msgSubmissionTime" : {
"gte" : "now-24h",
"lt" : "now"
}
}
}
}
```This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.