Écrire et exécuter des agrégations pipeline
Cheat Sheet
curl -H
GET _cat/nodes?v
GET _cat/indices?v
### Recherche tous les documents
GET logs/_search
### Recherche toutes les extensions
GET logs/_search
{
"size": 0,
"aggs": {
"extensions": {
"terms": {
"field": "extension.keyword",
"size": 10
}
}
}
}
### Recherche toutes les extensions et faire la somme des bytes
GET logs/_search
{
"size": 0,
"aggs": {
"extensions": {
"terms": {
"field": "extension.keyword",
"size": 10
},
"aggs": {
"sum_of_bytes": {
"sum": {
"field": "bytes"
}
}
}
}
}
}
### Recherche toutes les extensions, faire la somme des bytes et faire un tri décroissant
GET logs/_search
{
"size": 0,
"aggs": {
"extensions": {
"terms": {
"field": "extension.keyword",
"size": 10,
"order": {
"sum_of_bytes": "desc"
}
},
"aggs": {
"sum_of_bytes": {
"sum": {
"field": "bytes"
}
}
}
}
}
}
### Recherche toutes les extensions, faire la somme des bytes, faire un tri décroissant et faire le total
GET logs/_search
{
"size": 0,
"aggs": {
"extensions": {
"terms": {
"field": "extension.keyword",
"size": 10,
"order": {
"sum_of_bytes": "desc"
}
},
"aggs": {
"sum_of_bytes": {
"sum": {
"field": "bytes"
}
}
}
},
"total": {
"sum_bucket": {
"buckets_path": "extensions>sum_of_bytes"
}
}
}
}
### Recherche par heure le nombre de clients uniques.
GET logs/_search
{
"size": 0,
"aggs": {
"per_hour": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "hour"
},
"aggs": {
"unique_clients": {
"cardinality": {
"field": "clientip.keyword"
}
}
}
},
"max": {
"max_bucket": {
"buckets_path": "per_hour>unique_clients"
}
}
}
}
### Recherche par heure la somme des bytes, la somme cumulée et la dérivée par seconde.
GET logs/_search
{
"size": 0,
"aggs": {
"per_hour": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "hour"
},
"aggs": {
"sum_of_bytes": {
"sum": {
"field": "bytes"
}
},
"cumulative_sum_of_bytes": {
"cumulative_sum": {
"buckets_path": "sum_of_bytes"
}
},
"bytes_per_second": {
"derivative": {
"buckets_path": "cumulative_sum_of_bytes",
"unit": "second"
}
}
}
}
}
}