kibana常用聚合查询DSL语句记录
--------
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"should": [
{
"term": {
"action": {
"value": "LIST"
}
}
},
{
"term": {
"action": {
"value": "RETR"
}
}
},
{
"term": {
"action": {
"value": "STOR"
}
}
},
{
"term": {
"action": {
"value": "DELE"
}
}
}
],
"minimum_number_should_match": 1,
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"RETR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
------
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
},
"size": 0,
"aggs": {
"ff": {
"terms": {
"field": "filedir",
"size": 100
}
}
}
}
------
GET winlogbeat-*/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : 1511654400000,
"to" : 1511740800000,
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"terms" : {
"action" : [
"LIST",
"STOR",
"DELE",
"RETR"
],
"boost" : 1.0
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"filedir_count" : {
"terms" : {
"field" : "filedir",
"size" : 10,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
---------
RPT_C001_20171125.txt
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : "2017-11-26T00:00:00.000+08:00",
"to" : "2017-11-26T23:59:59.000+08:00",
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"terms" : {
"action" : [
"LIST",
"STOR",
"DELE",
"RETR"
],
"boost" : 1.0
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"aggTop" : {
"terms" : {
"field" : "filedir",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
},
"size": 0,
"aggs": {
"ff": {
"terms": {
"field": "filedir",
"size": 100
}
}
}
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"term": {
"filedir": {
"value": "/SJPT"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
------
GET winlogbeat-2017.11.*/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : "2017-11-26T00:00:00.000+08:00",
"to" : "2017-11-26T23:59:59.000+08:00",
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"term" : {
"action" : {
"value" : "LIST",
"boost" : 1.0
}
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"aggTop" : {
"terms" : {
"field" : "filedir",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
},
"aggList" : {
"terms" : {
"field" : "account",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"term": {
"account": {
"value": "ICCCUAT\\uatjc06400"
}
}
},
{
"terms": {
"action": [
"LIST"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
kibana常用聚合查询DSL语句记录的更多相关文章
- ElasticSearch 常用的查询过滤语句
query 和 filter 的区别请看: http://www.cnblogs.com/ghj1976/p/5292740.html Filter DSL term 过滤 term主要用于精确匹配 ...
- [转] ElasticSearch 常用的查询过滤语句
备忘remark https://www.cnblogs.com/ghj1976/p/5293250.html query 和 filter 的区别请看: http://www.cnblogs.co ...
- 软件测试最常用的 SQL 命令 | 掌握基本查询、条件查询、聚合查询
1.DML核心CRUD增删改查 缩写全称和对应 SQL: * DML 数据操纵语言:Data Manipulation Language * Create 增加:insert * Retrieve 查 ...
- Mongoose中的关联表查询 && 聚合查询
注:阅读此篇文章,需要有一定的Mongo基础.基本的不会再重复介绍. 例: 有两张表,一张是博客列表,另外一张是博客的标签表.现在我们要做两张表的插入和关联查询. 创建两张表的Schema 主表bl ...
- {django模型层(二)多表操作}一 创建模型 二 添加表记录 三 基于对象的跨表查询 四 基于双下划线的跨表查询 五 聚合查询、分组查询、F查询和Q查询
Django基础五之django模型层(二)多表操作 本节目录 一 创建模型 二 添加表记录 三 基于对象的跨表查询 四 基于双下划线的跨表查询 五 聚合查询.分组查询.F查询和Q查询 六 xxx 七 ...
- 数据库基本查询语句(SQL常用增删改查语句 简单复习 mark)
SQL常用增删改查语句 1增 1.1[插入单行]insert [into] <表名> (列名) values (列值)例:insert into Strdents (姓名,性别,出生日期) ...
- orm分组,聚合查询,执行原生sql语句
from django.db.models import Avg from app01 import models annotate:(聚合查询) ret=models.Article.objects ...
- 微擎查询SQL语句常用
pdo_fetch:根据SQL语句,查询一条记录 array | boolean pdo_fetch($sql, $params = array()); // :uid 是参数的一个点位符,没有使用引 ...
- [转] 常用SQL查询语句
sunada 的原文地址 常用SQL查询语句 一.简单查询语句 1. 查看表结构 SQL>DESC emp; 2. 查询所有列 SQL>SELECT * FROM emp; 3. 查询指 ...
随机推荐
- 基于百度地图SDK和Elasticsearch GEO查询的地理围栏分析系统(3)-前端实现
转载自:http://www.cnblogs.com/Auyuer/p/8086975.html MoonLight可视化订单需求区域分析系统实现功能: 在现实生活中,计算机和互联网迅速发展,人们越来 ...
- nc简单应用
传输本地文件test到172.19.135.12: 172.19.135.12接收端 nc -l 1234 > test 本地为 发送端 nc 172.19.135.12 1234 & ...
- Tomcat(四):tomcat图形管理和身份认证
*/ .hljs { display: block; overflow-x: auto; padding: 0.5em; color: #333; background: #f8f8f8; } .hl ...
- Ubuntu中使用dnw工具:没有找到/dev/secbulk0
Ubuntu中使用dnw动机: 一. 之前没有用ubuntu中的dnw,想试试. 二. 因为换了win10系统,怕搞不定win10中dnw的驱动,想着在ubuntu中不用禁用数字签名啥的比较省心.(事 ...
- 搭建内网的NTP时间服务器
NTP时间服务器 标签: linux 笔者Q:972581034 交流群:605799367.有任何疑问可与笔者或加群交流 1.简介 NTP(Network Time Protocol,网络时间协议) ...
- python简单分布式demo
A服务器是master,B服务器为worker, A服务器上执行taskManger.py # coding:utf-8 import random,time,Queue from multiproc ...
- Python笔记001-----简介及常用的库
1.Python是一种解释性语言,大部分代码要比编译型语言(如C++,java等)运行要慢点多.2.对于高并发,多线程的应用程序而言,Python并不是理想语言,python有全局解释器锁(Globa ...
- 【COOKIE 与 SESSION】
一.相关概念 cookie的出现,解决http协议无状态特性 由于http协议无法保持状态,但实际情况,我们却又需要"保持状态",因此cookie就是在这样一个场景下诞生. 举例: ...
- c# 实现mysql事务
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.T ...
- 给php加速安装APC
说明:APC-3.1.13 适应于 php-5.4.27 下载: wget http://blog.xinfilm.com/softdir/APC-3.1.13.tgz tar -zxvf APC-3 ...