@Howard-Chang
Last active January 7, 2018 05:18
Restful_Winoc
*一次查詢多個 index（用 `_index` 條件，或直接把 index 列在 URL 上），此方式亦可避免查詢時間區間跨日時，資料分散在兩個每日 index 而被切掉的問題。(Query several daily indices in one request — via `_index` clauses or by listing the indices in the URL — so a time window that crosses midnight is not cut off at the daily index boundary.)
example:
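// Bytes per L7 protocol for host 192.168.0.159 across three daily indices
// (Kibana Console syntax; `//` comments must be stripped before the body is
// sent with curl or a client library).
//
// Fix: the original put the three `_index` terms into the same `should` list
// as the two address terms and used "minimum_should_match": 2, relying on a
// flow never having SRC == DST. A record whose source and destination are both
// 192.168.0.159 satisfies the minimum with the address terms alone, so the
// index restriction silently drops out. The indices are now a mandatory
// `terms` clause on `_index`; the address alternatives stand on their own.
GET _search
{
  "size": 0,                                  // aggregations only, no hits
  "query": {
    "bool": {
      // the host may be either end of the flow
      "should": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } }
      ],
      "minimum_should_match": 1,
      "must": [
        // `_index` is a virtual field that accepts term/terms queries
        { "terms": { "_index": [ "logstash-2018.01.01", "logstash-2018.01.02", "logstash-2018.01.03" ] } },
        {
          // bounds are compared as epoch seconds here — confirm the exporter's unit for LAST_SWITCHED
          "range": {
            "LAST_SWITCHED": {
              "gte": 1514800010,
              "lte": 1518800010
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "genres": {
      "terms": {
        "field": "L7_PROTO_NAME.keyword",     // default size 10 -> top 10 protocols
        "order": { "sum_bytes": "desc" }
      },
      "aggs": {
        "in_bytes":  { "sum": { "field": "IN_BYTES" } },
        "out_bytes": { "sum": { "field": "OUT_BYTES" } },
        "sum_bytes": {
          // Inline Painless: needs inline scripts allowed on the cluster, and
          // `.value` on a record missing either field may throw (version
          // dependent — confirm). A total-bytes field computed at index time
          // avoids both. It stays a script because a terms agg cannot be
          // ordered by a bucket_script pipeline aggregation.
          "sum": {
            "script": {
              "source": "doc.IN_BYTES.value + doc.OUT_BYTES.value"
            }
          }
        }
      }
    }
  }
}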
//原本的想法：一筆 flow 的 SRC_IP 和 DST_IP 通常不會同時等於查詢的 IP，而且一個 doc 只會屬於一個 index，所以用 "minimum_should_match": 2 讓「IP 條件」和「index 條件」各命中一個。
//注意：若出現 SRC == DST 的 flow（例如 land-attack 型封包或主機自連），兩個 IP 條件就足以湊到 2，index 限制會被跳過；較穩妥的做法是把 index 限制放進 must（對 _index 用 terms query），或像下面的例子直接寫在 URL 裡。
//或是直接放在 URL 裡面也可，可提升搜尋效率(如下面例子)；若 index 名稱是從使用者送來的日期組出來的，請在伺服器端驗證日期格式後再組名稱，不要直接把使用者給的 index pattern（例如 * 或 _all）帶進 URL。
example:
// Same per-protocol report, but the indices are named in the URL instead of
// being filtered on `_index` inside the query, so Elasticsearch opens only the
// listed indices.
// If these names are derived from dates supplied by a web client, build them
// server-side from a validated date; never forward a client-supplied index
// pattern (such as `*` or `_all`) into this URL.
GET logstash-2018.01.04,logstash-2018.01.03,logstash-2018.01.02/_search
{
  "size": 0,                                  // aggregations only
  "query": {
    "bool": {
      // host 192.168.0.159 as either source or destination
      "should": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } }
      ],
      "minimum_should_match": 1,
      "must": [
        {
          "range": {
            "LAST_SWITCHED": { "gte": 1514800010, "lte": 1518800010 }   // epoch bounds — confirm unit
          }
        }
      ]
    }
  },
  "aggs": {
    "genres": {
      "terms": {
        "field": "L7_PROTO_NAME.keyword",     // top 10 by total bytes
        "order": { "sum_bytes": "desc" }
      },
      "aggs": {
        "in_bytes":  { "sum": { "field": "IN_BYTES" } },
        "out_bytes": { "sum": { "field": "OUT_BYTES" } },
        "sum_bytes": {
          // inline Painless; requires inline scripting to be allowed, and both
          // fields present on every record (or a precomputed total at index time)
          "sum": {
            "script": {
              "source": "doc.IN_BYTES.value + doc.OUT_BYTES.value"
            }
          }
        }
      }
    }
  }
}
1.上傳下載流量:
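// Download / upload bytes for host 192.168.0.159 on one daily index, from a
// start time onward (no upper bound). Direction is derived from which end of
// the flow the host is on:
//   download = download1 (DST == host, IN_BYTES)  + download2 (SRC == host, OUT_BYTES)
//   upload   = upload1   (DST == host, OUT_BYTES) + upload2   (SRC == host, IN_BYTES)
// This assumes IN_BYTES/OUT_BYTES are counted relative to the flow's source —
// confirm against the exporter's field definitions.
// Consistency: the index restriction now uses `term` like every other query in
// this file (it was `match`, which rewrites to the same term query on `_index`).
GET /_search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } }
      ],
      "minimum_should_match": 1,
      "must": [
        { "term": { "_index": "logstash-2018.01.02" } },
        { "range": { "LAST_SWITCHED": { "gte": 1514860890 } } }
      ]
    }
  },
  "aggs": {
    // download1/upload1 share the DST filter and download2/upload2 the SRC
    // filter; they stay separate because clients read these four keys.
    // The sub-aggregation key "downlod_bytes" is misspelled but part of the
    // response contract — do not rename it without updating the client.
    "download1": {
      "filter": { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download2": {
      "filter": { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload1": {
      "filter": { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload2": {
      "filter": { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    }
  }
}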
//下載流量 = download1 + download2，上傳流量 = upload1 + upload2。(前提：IN_BYTES/OUT_BYTES 的方向定義與 exporter 一致——DST 為本機時 IN_BYTES 算下載、OUT_BYTES 算上傳，SRC 為本機時相反；請對照 exporter 的欄位說明確認。)
2.Session數計算:
// Flow-record count per transport protocol (17 = UDP, 6 = TCP) for host
// 192.168.0.159 on one daily index, from a start time onward.
// Each bucket's doc_count is the number of flow records; that equals the
// number of sessions only if the exporter emits one record per session (a
// unidirectional exporter yields two records per TCP connection) — confirm
// with the exporter's configuration.
GET /_search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } }
      ],
      "minimum_should_match": 1,
      "must": [
        { "term": { "_index": "logstash-2018.01.02" } },
        { "range": { "LAST_SWITCHED": { "gte": 1514865890 } } }
      ]
    }
  },
  "aggs": {
    "Udp|Tcp": {
      "terms": {
        "field": "PROTOCOL",
        "include": [ "17", "6" ]            // only the UDP and TCP buckets are returned
      }
    }
  }
}
3.protocol name top10:
// Top 10 L7 protocols by inbound bytes for traffic whose destination is
// host 192.168.0.159, on one daily index, from a start time onward.
// For the other direction replace IPV4_DST_ADDR with IPV4_SRC_ADDR and order
// by "out_bytes" instead of "in_bytes".
GET _search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        { "term": { "_index": "logstash-2018.01.02" } },
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },   // or "IPV4_SRC_ADDR": "192.168.0.159"
        { "range": { "LAST_SWITCHED": { "gte": 1514166147 } } }
      ]
    }
  },
  "aggs": {
    "genres": {
      "terms": {
        "field": "L7_PROTO_NAME.keyword",   // default size 10 -> top 10
        "order": { "in_bytes": "desc" }     // or "out_bytes": "desc"
      },
      "aggs": {
        "in_bytes":  { "sum": { "field": "IN_BYTES" } },
        "out_bytes": { "sum": { "field": "OUT_BYTES" } }
      }
    }
  }
}
4.Quota+IP+Protocol_name:
// Total bytes (in + out) per L7 protocol for host 120.127.160.91 on one daily
// index, from a start time onward; buckets ordered by the total.
GET _search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "term": { "IPV4_SRC_ADDR": "120.127.160.91" } },
        { "term": { "IPV4_DST_ADDR": "120.127.160.91" } }
      ],
      "minimum_should_match": 1,
      "must": [
        { "range": { "LAST_SWITCHED": { "gte": 1514879410 } } },
        { "term": { "_index": "logstash-2018.01.02" } }
      ]
    }
  },
  "aggs": {
    "genres": {
      "terms": {
        "field": "L7_PROTO_NAME.keyword",   // top 10 by total bytes
        "order": { "sum_bytes": "desc" }
      },
      "aggs": {
        "sum_bytes": {
          // inline Painless; needs inline scripting allowed and both fields
          // present on every record — a precomputed total at index time is safer
          "sum": {
            "script": {
              "source": "doc.IN_BYTES.value + doc.OUT_BYTES.value"
            }
          }
        }
      }
    }
  }
}
5.Online user unique IP:
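// Local hosts (192.168.0.0/16) seen as destination and as source since a given
// time — the "online users" list.
//
// Fix: the time range used to be a third `should` clause next to the two CIDR
// clauses, with "minimum_should_match": 2. An internal-to-internal flow (both
// SRC and DST in 192.168.0.0/16) satisfied the minimum with the two address
// clauses alone, so records of any age were counted as online. The range is
// now a `must` clause and applies to every record.
//
// CIDR values in these clauses only work when IPV4_SRC_ADDR/IPV4_DST_ADDR are
// mapped as `ip`; on a keyword field "192.168.0.0/16" is matched literally and
// nothing is found — confirm the mapping. (The original used `match`, which
// should resolve to the same term query on an ip field.)
GET /_search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.0/16" } },
        { "term": { "IPV4_SRC_ADDR": "192.168.0.0/16" } }
      ],
      "minimum_should_match": 1,
      "must": [
        { "range": { "LAST_SWITCHED": { "gte": 1510166147 } } }
      ]
    }
  },
  "aggs": {
    "DST_Local_IP": {
      "filter": { "term": { "IPV4_DST_ADDR": "192.168.0.0/16" } },
      "aggs": {
        // "size" caps the listed addresses at 1000 while a /16 holds up to
        // 65534 hosts, so take the count from dst_unique_count (cardinality is
        // approximate; raise precision_threshold if exactness matters) and use
        // the list for display only.
        "dst_local_ip":     { "terms": { "field": "IPV4_DST_ADDR", "size": 1000 } },
        "dst_unique_count": { "cardinality": { "field": "IPV4_DST_ADDR" } }
      }
    },
    "SRC_Local_IP": {
      "filter": { "term": { "IPV4_SRC_ADDR": "192.168.0.0/16" } },
      "aggs": {
        "src_local_ip":     { "terms": { "field": "IPV4_SRC_ADDR", "size": 1000 } },
        "src_unique_count": { "cardinality": { "field": "IPV4_SRC_ADDR" } }
      }
    }
  }
}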
6.Quota+Session(for 畫圖，每五分鐘一次，所以總共 query 12 次；若想一次查完，可改用 range 或 date_histogram aggregation 切成 12 個 bucket，但回傳的欄位名會不同，client 要跟著改):
// One 5-minute window of the quota/session chart for host 120.127.160.91:
// download/upload bytes (four filter aggregations, see the direction note in
// section 1) plus a flow-record count for UDP (17) and TCP (6). The caller
// issues this request once per window, adjusting the LAST_SWITCHED bounds.
// No index restriction here, so the search hits every index the user can read.
GET _search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "term": { "IPV4_SRC_ADDR": "120.127.160.91" } },
        { "term": { "IPV4_DST_ADDR": "120.127.160.91" } }
      ],
      "minimum_should_match": 1,
      "must": [
        { "range": { "LAST_SWITCHED": { "gte": 1514879410, "lte": 1515989410 } } }   // window bounds (epoch)
      ]
    }
  },
  "aggs": {
    // "downlod_bytes" is misspelled but is the key the client reads — keep it
    "download1": {
      "filter": { "term": { "IPV4_DST_ADDR": "120.127.160.91" } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download2": {
      "filter": { "term": { "IPV4_SRC_ADDR": "120.127.160.91" } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload1": {
      "filter": { "term": { "IPV4_DST_ADDR": "120.127.160.91" } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload2": {
      "filter": { "term": { "IPV4_SRC_ADDR": "120.127.160.91" } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "Udp|Tcp": {
      "terms": {
        "field": "PROTOCOL",
        "include": [ "17", "6" ]          // doc_count = flow records, not necessarily sessions
      }
    }
  }
}
7.Quota+Session(for 畫圖，只需 query 一次，但變數很多；每個 bucket 的 gte/lte 都要換成各自的五分鐘區間，而且外層 query 的時間範圍必須涵蓋全部 bucket，否則沒被涵蓋的 bucket 會安靜地回 0):
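// One request for the whole 5-minute chart of host 192.168.0.159: the 12 time
// buckets are expressed as 48 filter aggregations (download1..12,
// download-1..-12, upload1..12, upload-1..-12), each restricting to the host
// as source or destination and to its own window, plus two protocol counts.
//
// Fix: the outer range was missing the comma between "gte" and "lte", which
// becomes a JSON syntax error as soon as the placeholders are filled in.
//
// Filling the template: every XXXXXXXXXX and every "100"/"1000" pair is a
// placeholder for a window's epoch bounds; bucket N needs its own bounds, and
// the outer range must cover all 12 windows or the uncovered buckets silently
// sum to 0. When the host, index name and bounds come from a web request,
// validate them first (IP parser, date format) and build the body with a JSON
// serializer or an Elasticsearch search template — never by string
// concatenation — so a client-supplied value cannot add clauses to the query.
//
// Direction convention (see section 1): DST == host -> IN_BYTES is download
// and OUT_BYTES is upload; SRC == host -> the reverse. The response key
// "downlod_bytes" is misspelled but kept: clients read it.
// Udp|Tcp and OtherSessions are not split per window; they cover the outer range.
// A `range` aggregation on LAST_SWITCHED with 12 ranges and the four sums as
// sub-aggregations would replace all of this, at the cost of different
// response keys.
GET _search
{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } }
      ],
      "minimum_should_match": 1,
      "must": [
        { "term": { "_index": "logstash-2018.01.02" } },
        {
          "range": {
            "LAST_SWITCHED": {
              "gte": XXXXXXXXXX,
              "lte": XXXXXXXXXX
            }
          }
        }
      ]
    }
  },
  "aggs": {
    // download1..12: host is the destination, IN_BYTES per window
    "download1": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": XXXXXXXXXX, "lte": XXXXXXXXXX } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download2": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download3": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download4": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download5": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download6": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download7": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download8": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download9": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download10": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download11": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "download12": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    // download-1..-12: host is the source, OUT_BYTES per window
    "download-1": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-2": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-3": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-4": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-5": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-6": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-7": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-8": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-9": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-10": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-11": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "download-12": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "downlod_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    // upload1..12: host is the source, IN_BYTES per window
    "upload1": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload2": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload3": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload4": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload5": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload6": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload7": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload8": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload9": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload10": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload11": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    "upload12": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_SRC_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "IN_BYTES" } } }
    },
    // upload-1..-12: host is the destination, OUT_BYTES per window
    "upload-1": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-2": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-3": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-4": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-5": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-6": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-7": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-8": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-9": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-10": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-11": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    "upload-12": {
      "filter": { "bool": { "filter": [
        { "term": { "IPV4_DST_ADDR": "192.168.0.159" } },
        { "range": { "LAST_SWITCHED": { "gte": "100", "lte": "1000" } } }
      ] } },
      "aggs": { "upload_bytes": { "sum": { "field": "OUT_BYTES" } } }
    },
    // protocol counts over the whole outer range (doc_count = flow records)
    "Udp|Tcp": {
      "terms": {
        "field": "PROTOCOL",
        "include": [ "17", "6" ]
      }
    },
    "OtherSessions": {
      "terms": {
        "field": "PROTOCOL",
        "exclude": [ "17", "6" ]
      }
    }
  }
}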