Last active
January 24, 2024 20:53
-
-
Save juffaz/25062b07df8657d16935108f00678639 to your computer and use it in GitHub Desktop.
elasticsearch-groupby-regex-microservice-endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GET /api-log-2024.01.24/_search | |
{ | |
"_source": ["client-request.uri"], | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^?]+)" | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"_source": ["client-request.uri"], | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^?]+)" | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"_source": ["client-request.uri"], | |
"size": 0, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 10, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^/]+)/([^?]+)" | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 10, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^?]+)" | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"bool": { | |
"must": [ | |
{ | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^?]+)" | |
} | |
}, | |
{ | |
"range": { | |
"@timestamp": { | |
"gte": "2024-01-24T00:00:00", | |
"lte": "2024-01-24T23:59:59" | |
} | |
} | |
} | |
] | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+)/([^?]+)" | |
} | |
}, | |
"aggs": { | |
"custom_groups": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+)/([^?]+)" | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
}, | |
"aggs": { | |
"api": { | |
"terms": { | |
"field": "api.keyword", | |
"size": 10, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
}, | |
"aggs": { | |
"api": { | |
"terms": { | |
"field": "api.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"bool": { | |
"must": [ | |
{ | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
} | |
}, | |
{ | |
"range": { | |
"@timestamp": { | |
"gte": "now-1h/h", // За последний час | |
// "gte": "now-3h/h", // За последние 3 часа | |
// "gte": "now-10h/h", // За последние 10 часов | |
"lte": "now" // До текущего момента | |
} | |
} | |
} | |
] | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
}, | |
"aggs": { | |
"api": { | |
"terms": { | |
"field": "api.keyword", | |
"size": 10, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"bool": { | |
"must": [ | |
{ | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
} | |
}, | |
{ | |
"range": { | |
"@timestamp": { | |
"gte": "now-1h/h", | |
"lte": "now" | |
} | |
} | |
} | |
], | |
"filter": [ | |
{ | |
"range": { | |
"client-response.status": { | |
"gte": 500, | |
"lte": 504 | |
} | |
} | |
} | |
] | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
}, | |
"aggs": { | |
"api": { | |
"terms": { | |
"field": "api.keyword", | |
"size": 10, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
GET /api-log-2024.01.24/_search | |
{ | |
"size": 0, | |
"query": { | |
"bool": { | |
"must": [ | |
{ | |
"regexp": { | |
"client-request.uri.keyword": "/([^/]+)/([^/]+(?:/[^/]+)*)/([^?]+)" | |
} | |
}, | |
{ | |
"range": { | |
"@timestamp": { | |
"gte": "now-1h/h", | |
"lte": "now" | |
} | |
} | |
} | |
], | |
"filter": [ | |
{ | |
"range": { | |
"client-response.status": { | |
"gte": 200, | |
"lte": 504 | |
} | |
} | |
} | |
] | |
} | |
}, | |
"aggs": { | |
"microservice_endpoint": { | |
"terms": { | |
"field": "client-request.uri.keyword", | |
"size": 100, | |
"order": { | |
"_count": "desc" | |
} | |
}, | |
"aggs": { | |
"api": { | |
"terms": { | |
"field": "api.keyword", | |
"size": 10, | |
"order": { | |
"_count": "desc" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment