Search for last 24 hours logs based on field?

Blason · March 8, 2020, 5:47am

Hey Folks,

Can someone please help me on constructing curl based query on src_ip and agg: those for last 24 hours?

here is something I constructed based on count and need help with for timerange

curl -s -XGET "https://127.0.0.1:9200/lox-*/_search" -H 'Content-Type: application/json' -d'
{
  "aggs": {
    "ips": {
      "terms": { "field": "src_ip.keyword", "size": 1000 }
      }
    },
  "size" : 0
  }'
}

Blason · March 8, 2020, 5:49am

may be this I tried but not sure how do I agg:src_ip for last 24 hrs.

curl -XGET 'https://127.0.01:9200/lox-*/_search?pretty' -H 'Content-Type: application/json' -d'
{
    "query": {
        "range" : {
            "msgSubmissionTime" : {
                "gte" : "now-24h",
                "lt" :  "now"
            }
        }
    }
}
```

system · April 5, 2020, 5:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Curl witch Aggs and Time Elasticsearch	4	418	July 16, 2019
Query an Elasticsearch index for one field, all documents in last 24 hours? Elasticsearch	2	266	November 2, 2023
TIme interval searchs in elasticsearch Elasticsearch	1	420	July 5, 2017
Compare difference in field over time Elasticsearch	1	388	August 9, 2018
ElasticSearch dedupe quarry/ Aggregation question (I am a noob) Elasticsearch	2	433	June 14, 2019

Search for last 24 hours logs based on field?

Related topics