kibana常用聚合查询DSL语句记录
--------
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"should": [
{
"term": {
"action": {
"value": "LIST"
}
}
},
{
"term": {
"action": {
"value": "RETR"
}
}
},
{
"term": {
"action": {
"value": "STOR"
}
}
},
{
"term": {
"action": {
"value": "DELE"
}
}
}
],
"minimum_number_should_match": 1,
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"RETR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
------
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
},
"size": 0,
"aggs": {
"ff": {
"terms": {
"field": "filedir",
"size": 100
}
}
}
}
------
GET winlogbeat-*/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : 1511654400000,
"to" : 1511740800000,
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"terms" : {
"action" : [
"LIST",
"STOR",
"DELE",
"RETR"
],
"boost" : 1.0
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"filedir_count" : {
"terms" : {
"field" : "filedir",
"size" : 10,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
---------
RPT_C001_20171125.txt
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : "2017-11-26T00:00:00.000+08:00",
"to" : "2017-11-26T23:59:59.000+08:00",
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"terms" : {
"action" : [
"LIST",
"STOR",
"DELE",
"RETR"
],
"boost" : 1.0
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"aggTop" : {
"terms" : {
"field" : "filedir",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
},
"size": 0,
"aggs": {
"ff": {
"terms": {
"field": "filedir",
"size": 100
}
}
}
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"term": {
"filedir": {
"value": "/SJPT"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
------
GET winlogbeat-2017.11.*/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : "2017-11-26T00:00:00.000+08:00",
"to" : "2017-11-26T23:59:59.000+08:00",
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"term" : {
"action" : {
"value" : "LIST",
"boost" : 1.0
}
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"aggTop" : {
"terms" : {
"field" : "filedir",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
},
"aggList" : {
"terms" : {
"field" : "account",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"term": {
"account": {
"value": "ICCCUAT\\uatjc06400"
}
}
},
{
"terms": {
"action": [
"LIST"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
kibana常用聚合查询DSL语句记录的更多相关文章
- ElasticSearch 常用的查询过滤语句
query 和 filter 的区别请看: http://www.cnblogs.com/ghj1976/p/5292740.html Filter DSL term 过滤 term主要用于精确匹配 ...
- [转] ElasticSearch 常用的查询过滤语句
备忘remark https://www.cnblogs.com/ghj1976/p/5293250.html query 和 filter 的区别请看: http://www.cnblogs.co ...
- 软件测试最常用的 SQL 命令 | 掌握基本查询、条件查询、聚合查询
1.DML核心CRUD增删改查 缩写全称和对应 SQL: * DML 数据操纵语言:Data Manipulation Language * Create 增加:insert * Retrieve 查 ...
- Mongoose中的关联表查询 && 聚合查询
注:阅读此篇文章,需要有一定的Mongo基础.基本的不会再重复介绍. 例: 有两张表,一张是博客列表,另外一张是博客的标签表.现在我们要做两张表的插入和关联查询. 创建两张表的Schema 主表bl ...
- {django模型层(二)多表操作}一 创建模型 二 添加表记录 三 基于对象的跨表查询 四 基于双下划线的跨表查询 五 聚合查询、分组查询、F查询和Q查询
Django基础五之django模型层(二)多表操作 本节目录 一 创建模型 二 添加表记录 三 基于对象的跨表查询 四 基于双下划线的跨表查询 五 聚合查询.分组查询.F查询和Q查询 六 xxx 七 ...
- 数据库基本查询语句(SQL常用增删改查语句 简单复习 mark)
SQL常用增删改查语句 1增 1.1[插入单行]insert [into] <表名> (列名) values (列值)例:insert into Strdents (姓名,性别,出生日期) ...
- orm分组,聚合查询,执行原生sql语句
from django.db.models import Avg from app01 import models annotate:(聚合查询) ret=models.Article.objects ...
- 微擎查询SQL语句常用
pdo_fetch:根据SQL语句,查询一条记录 array | boolean pdo_fetch($sql, $params = array()); // :uid 是参数的一个点位符,没有使用引 ...
- [转] 常用SQL查询语句
sunada 的原文地址 常用SQL查询语句 一.简单查询语句 1. 查看表结构 SQL>DESC emp; 2. 查询所有列 SQL>SELECT * FROM emp; 3. 查询指 ...
随机推荐
- MySQL中时间函数NOW()和SYSDATE()的区别
mysql中日期函数还是比较常用的.主要有NOW()和SYSDATE()两种,虽然都表示当前时间,但使用上有一点点区别. NOW()取的是语句开始执行的时间,SYSDATE()取的是动态的实时时间. ...
- PHP中文网上的分页代码
page.php <html> <head> <meta http-equiv="CONTENT-TYPE" content="text/h ...
- tomcat-users.xml 配置
一:tomcat6配置管理员信息 1:打开tomcat6下的~/conf/tomcat-users.xml文件,关于用户角色.管理员的信息都在这个配置文件中. 2:在配置文件<tomcat-us ...
- win10 store 无法连接网络
当你试过所有的解决攻略 都无效时,那么使用这个教程 关闭以下的蓝色框里的
- Asp.net core 2.0.1 Razor 的使用学习笔记(五)
按说这里应该写关于Role角色类的笔记,但是我还没时间实验这块,所以等以后我搞定了再来分享.现在先写其他部分. Asp.net core 2.0.1 Razor 的使用学习笔记——建立模型 按照微软官 ...
- win10下配置php环境变量
下载php,解压. 比如解压到E盘,目录为"E:\PHP". 打开php目录,复制一个php.ini-development文件,改名为php.ini. 打开php.ini,将 e ...
- java之过滤器Filter
Java三大器之过滤器(Filter)的工作原理和代码演示 一.Filter简介 Filter也称之为过滤器,它是Servlet技术中最激动人心的技术之一,WEB开发人员通过Filter技术,对w ...
- 【三思笔记】 全面学习Oracle分区表及分区索引
[三思笔记]全面学习Oracle分区表及分区索引 2008-04-15 关于分区表和分区索引(About PartitionedTables and Indexes) 对于 10gR2 而言,基本上可 ...
- android adb shell and monkey 学习记录
Monkey环境: android SDK and JDK SDK目录下的platform-tools和tools目录要配置环境变量 查看版本: ADB 的安装这里就不多说了,输入以下命令有如下提示就 ...
- vue2.0父子组件之间通信
父组件是通过props属性给子组件通信的来看下代码: 父组件: <parent> <child :child-com="content"></chil ...