Search for last 24 hours logs based on field?

Blason · March 8, 2020, 5:47am

Hey Folks,

Can someone please help me on constructing curl based query on src_ip and agg: those for last 24 hours?

here is something I constructed based on count and need help with for timerange

curl -s -XGET "https://127.0.0.1:9200/lox-*/_search" -H 'Content-Type: application/json' -d'
{
  "aggs": {
    "ips": {
      "terms": { "field": "src_ip.keyword", "size": 1000 }
      }
    },
  "size" : 0
  }'
}

Blason · March 8, 2020, 5:49am

may be this I tried but not sure how do I agg:src_ip for last 24 hrs.

curl -XGET 'https://127.0.01:9200/lox-*/_search?pretty' -H 'Content-Type: application/json' -d'
{
    "query": {
        "range" : {
            "msgSubmissionTime" : {
                "gte" : "now-24h",
                "lt" :  "now"
            }
        }
    }
}
```

Topic		Replies	Views
Aggregations / Curl / # of events by device in the past hour Elasticsearch	6	1334	July 5, 2017
A problem when I search data from "now-24h" to "now" Elasticsearch	2	2833	July 27, 2018
Timestamp between now and now-24h Kibana	8	1751	August 16, 2019
Agg last 15 minutes returning just last 2 minutes Elasticsearch	19	1256	May 28, 2020
Curl witch Aggs and Time Elasticsearch	4	453	July 16, 2019

Search for last 24 hours logs based on field?

Related topics