kibana常用聚合查询DSL语句记录
--------
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"should": [
{
"term": {
"action": {
"value": "LIST"
}
}
},
{
"term": {
"action": {
"value": "RETR"
}
}
},
{
"term": {
"action": {
"value": "STOR"
}
}
},
{
"term": {
"action": {
"value": "DELE"
}
}
}
],
"minimum_number_should_match": 1,
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"RETR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
------
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
},
"size": 0,
"aggs": {
"ff": {
"terms": {
"field": "filedir",
"size": 100
}
}
}
}
------
GET winlogbeat-*/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : 1511654400000,
"to" : 1511740800000,
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"terms" : {
"action" : [
"LIST",
"STOR",
"DELE",
"RETR"
],
"boost" : 1.0
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"filedir_count" : {
"terms" : {
"field" : "filedir",
"size" : 10,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
---------
RPT_C001_20171125.txt
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : "2017-11-26T00:00:00.000+08:00",
"to" : "2017-11-26T23:59:59.000+08:00",
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"terms" : {
"action" : [
"LIST",
"STOR",
"DELE",
"RETR"
],
"boost" : 1.0
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"aggTop" : {
"terms" : {
"field" : "filedir",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
GET winlogbeat-2017.11.25,winlogbeat-2017.11.26/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
},
"size": 0,
"aggs": {
"ff": {
"terms": {
"field": "filedir",
"size": 100
}
}
}
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"term": {
"filedir": {
"value": "/SJPT"
}
}
},
{
"terms": {
"action": [
"LIST",
"DELE",
"RETR",
"STOR"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
------
GET winlogbeat-2017.11.*/_search
{
"size": 0,
"query" : {
"bool" : {
"must" : [
{
"range" : {
"@timestamp" : {
"from" : "2017-11-26T00:00:00.000+08:00",
"to" : "2017-11-26T23:59:59.000+08:00",
"include_lower" : true,
"include_upper" : true,
"boost" : 1.0
}
}
},
{
"term" : {
"Appname" : {
"value" : "FTP",
"boost" : 1.0
}
}
},
{
"term" : {
"action" : {
"value" : "LIST",
"boost" : 1.0
}
}
}
],
"must_not" : [
{
"match" : {
"message" : {
"query" : ".ok",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
},
{
"term" : {
"filedir" : {
"value" : "-",
"boost" : 1.0
}
}
},
{
"match" : {
"filedir" : {
"query" : "/%{[filesub][1]}",
"operator" : "OR",
"prefix_length" : 0,
"max_expansions" : 50,
"fuzzy_transpositions" : true,
"lenient" : false,
"zero_terms_query" : "NONE",
"boost" : 1.0
}
}
}
],
"disable_coord" : false,
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"aggTop" : {
"terms" : {
"field" : "filedir",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
},
"aggList" : {
"terms" : {
"field" : "account",
"size" : 50,
"shard_size" : -1,
"min_doc_count" : 1,
"shard_min_doc_count" : 0,
"show_term_doc_count_error" : false,
"order" : [
{
"_count" : "desc"
},
{
"_term" : "asc"
}
]
}
}
},
"ext" : { }
}
GET winlogbeat-2017.11.*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"Appname": {
"value": "FTP"
}
}
},
{
"term": {
"account": {
"value": "ICCCUAT\\uatjc06400"
}
}
},
{
"terms": {
"action": [
"LIST"
]
}
},
{
"range": {
"@timestamp": {
"gte": "2017-11-26T00:00:00.000+08:00",
"lte": "2017-11-26T23:59:59.000+08:00"
}
}
}
],
"must_not": [
{
"term": {
"filedir": {
"value": "/%{[filesub][1]}"
}
}
},{
"term": {
"filedir": {
"value": "-"
}
}
},{
"match": {
"message": ".ok"
}
}
]
}
}
}
kibana常用聚合查询DSL语句记录的更多相关文章
- ElasticSearch 常用的查询过滤语句
query 和 filter 的区别请看: http://www.cnblogs.com/ghj1976/p/5292740.html Filter DSL term 过滤 term主要用于精确匹配 ...
- [转] ElasticSearch 常用的查询过滤语句
备忘remark https://www.cnblogs.com/ghj1976/p/5293250.html query 和 filter 的区别请看: http://www.cnblogs.co ...
- 软件测试最常用的 SQL 命令 | 掌握基本查询、条件查询、聚合查询
1.DML核心CRUD增删改查 缩写全称和对应 SQL: * DML 数据操纵语言:Data Manipulation Language * Create 增加:insert * Retrieve 查 ...
- Mongoose中的关联表查询 && 聚合查询
注:阅读此篇文章,需要有一定的Mongo基础.基本的不会再重复介绍. 例: 有两张表,一张是博客列表,另外一张是博客的标签表.现在我们要做两张表的插入和关联查询. 创建两张表的Schema 主表bl ...
- {django模型层(二)多表操作}一 创建模型 二 添加表记录 三 基于对象的跨表查询 四 基于双下划线的跨表查询 五 聚合查询、分组查询、F查询和Q查询
Django基础五之django模型层(二)多表操作 本节目录 一 创建模型 二 添加表记录 三 基于对象的跨表查询 四 基于双下划线的跨表查询 五 聚合查询.分组查询.F查询和Q查询 六 xxx 七 ...
- 数据库基本查询语句(SQL常用增删改查语句 简单复习 mark)
SQL常用增删改查语句 1增 1.1[插入单行]insert [into] <表名> (列名) values (列值)例:insert into Strdents (姓名,性别,出生日期) ...
- orm分组,聚合查询,执行原生sql语句
from django.db.models import Avg from app01 import models annotate:(聚合查询) ret=models.Article.objects ...
- 微擎查询SQL语句常用
pdo_fetch:根据SQL语句,查询一条记录 array | boolean pdo_fetch($sql, $params = array()); // :uid 是参数的一个点位符,没有使用引 ...
- [转] 常用SQL查询语句
sunada 的原文地址 常用SQL查询语句 一.简单查询语句 1. 查看表结构 SQL>DESC emp; 2. 查询所有列 SQL>SELECT * FROM emp; 3. 查询指 ...
随机推荐
- matlab文件读写处理实例(二)——textread批量读取文件
问题:对文件夹下所有文件进行批量读取,跳过文件头部分,读取每个文件数据部分的7,8,9列,保存到变量并且输出到文件. 数据: 文件夹11m\
- 【转】c++ 获取程序运行时间
转自:http://blog.csdn.net/ghevinn/article/details/22800059 DWORD start_time=GetTickCount(); {...} DWOR ...
- docker之NGINX镜像构建
Nginx是一个高性能的Web和反向代理服务器,它具有很多非常优越的特性:1.作为Web服务器.2.作为负载均衡服务器.3.作为邮件代理服务器.4.安装及配置简单.接下来我们介绍在docker构建ng ...
- 《NET 设计规范》第 2 章 框架设计基础
<NET 设计规范>第 2 章 框架设计基础 要设计功能强大又易于使用的框架. 要理解广大开发人员并有针对性地为他们设计框架. 要理解各种编程语言,并为他们设计框架. 2.1 渐进框架 2 ...
- 官方新出的 Kotlin 扩赞库 KTX,到底帮你干了什么?
Kotlin KTX 2月5号的时候,Google 发布了一款 Kotlin 的扩展库,叫 Android KTX,不过现在还处于预览版的状态.它能使 Android 上的 Kotlin 代码更简洁, ...
- Spring源码情操陶冶-PropertyPlaceholderBeanDefinitionParser注解配置解析器
本文针对spring配置的context:property-placeholder作下简单的分析,承接前文Spring源码情操陶冶-自定义节点的解析 spring配置文件应用 <context: ...
- 洛谷 [P1403] 约数研究
本题的思想很好,正难则反 首先如果暴力枚举每个数的约数个数,一定会超时,那么我们就从约数的角度考虑,题目中问的是1~n的约数个数和,那么我们就枚举约数,看每个约数在1~n中出现过几次. #includ ...
- xBIM WeXplorer xViewer 基本应用
目录 基础 xBIM WeXplorer 简要介绍 xBIM WeXplorer xViewer 基本应用 xBIM WeXplorer xViewer 浏览器检查 xBIM WeXplorer xV ...
- python学习:递归列出目录里的文件
#!/usr/bin/python import os import sys def print_files(path): lsdir = os.listdir(path) d ...
- 8、flask之flask-script组件
Flask Script扩展提供向Flask插入外部脚本的功能,包括运行一个开发用的服务器,一个定制的Python shell,设置数据库的脚本,cronjobs,及其他运行在web应用之外的命令行任 ...