Last active
January 24, 2024 20:53
-
-
Save juffaz/25062b07df8657d16935108f00678639 to your computer and use it in GitHub Desktop.
elasticsearch-groupby-regex-microservice-endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /api-log-2024.01.24/_search | |
| { | |
| "_source": ["client-request.uri"], | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^?]+)" | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "_source": ["client-request.uri"], | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^?]+)" | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "_source": ["client-request.uri"], | |
| "size": 0, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 10, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^?]+)" | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 10, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^?]+)" | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "must": [ | |
| { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^?]+)" | |
| } | |
| }, | |
| { | |
| "range": { | |
| "@timestamp": { | |
| "gte": "2024-01-24T00:00:00", | |
| "lte": "2024-01-24T23:59:59" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+)/([^?]+)" | |
| } | |
| }, | |
| "aggs": { | |
| "custom_groups": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+)/([^?]+)" | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "api": { | |
| "terms": { | |
| "field": "api.keyword", | |
| "size": 10, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "api": { | |
| "terms": { | |
| "field": "api.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "must": [ | |
| { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
| } | |
| }, | |
| { | |
| "range": { | |
| "@timestamp": { | |
| "gte": "now-1h/h", // За последний час | |
| // "gte": "now-3h/h", // За последние 3 часа | |
| // "gte": "now-10h/h", // За последние 10 часов | |
| "lte": "now" // До текущего момента | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "api": { | |
| "terms": { | |
| "field": "api.keyword", | |
| "size": 10, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "must": [ | |
| { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
| } | |
| }, | |
| { | |
| "range": { | |
| "@timestamp": { | |
| "gte": "now-1h/h", | |
| "lte": "now" | |
| } | |
| } | |
| } | |
| ], | |
| "filter": [ | |
| { | |
| "range": { | |
| "client-response.status": { | |
| "gte": 500, | |
| "lte": 504 | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "api": { | |
| "terms": { | |
| "field": "api.keyword", | |
| "size": 10, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| GET /api-log-2024.01.24/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "must": [ | |
| { | |
| "regexp": { | |
| "client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
| } | |
| }, | |
| { | |
| "range": { | |
| "@timestamp": { | |
| "gte": "now-1h/h", | |
| "lte": "now" | |
| } | |
| } | |
| } | |
| ], | |
| "filter": [ | |
| { | |
| "range": { | |
| "client-response.status": { | |
| "gte": 200, | |
| "lte": 504 | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "aggs": { | |
| "microservice_endpoint": { | |
| "terms": { | |
| "field": "client-request.uri.keyword", | |
| "size": 100, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "api": { | |
| "terms": { | |
| "field": "api.keyword", | |
| "size": 10, | |
| "order": { | |
| "_count": "desc" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment