Skip to content

Instantly share code, notes, and snippets.

View sethyes's full-sized avatar

Seth Smith sethyes

3 followers · 2 following
View GitHub Profile
@sethyes
sethyes / fv_tvsb.json
Created October 14, 2019 20:24
flowvisor TSVB long running query
{"index":"flow-*","ignore_unavailable":true}
{"aggs":{"2":{"terms":{"field":"flow.src_autonomous_system","order":{"1":"desc"},"size":50},"aggs":{"1":{"sum":{"field":"flow.bytes"}}}}},"size":0,"_source":{"excludes":[]},"stored_fields":["*"],"script_fields":{},"docvalue_fields":[{"field":"@timestamp","format":"date_time"},{"field":"ipfix.flowEndMilliseconds","format":"date_time"},{"field":"ipfix.flowStartMilliseconds","format":"date_time"}],"query":{"bool":{"must":[{"query_string":{"query":"*","analyze_wildcard":true,"default_field":"*","time_zone":"America/Denver"}},{"query_string":{"query":"*","analyze_wildcard":true,"time_zone":"America/Denver"}},{"range":{"@timestamp":{"format":"strict_date_optional_time","gte":"2019-10-07T20:20:44.913Z","lte":"2019-10-14T20:20:44.913Z"}}}],"filter":[],"should":[],"must_not":[{"match_phrase":{"flow.src_autonomous_system":{"query":"private"}}}]}},"timeout":"1800000ms"}
@sethyes
sethyes / long_query.json
Created October 14, 2019 19:22
FlowVisor Long Running Qery
{
"aggs": {
"2": {
"terms": {
"field": "flow.src_autonomous_system",
"order": {
"1": "desc"
},
"size": 50
},
@sethyes
sethyes / netflow_query.json
Last active September 17, 2019 21:00
{
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"fixed_interval": "12h",
"time_zone": "America/Denver",
"min_doc_count": 1
},
"aggs": {
@sethyes
sethyes / elasticsearch.log
Created October 30, 2017 19:33
ES logs for Elastic Issue: https://discuss.elastic.co/t/second-es-instance-unable-to-discover-other-nodes/103438/8
This file has been truncated, but you can view the full file.
[2017-10-30T00:00:03,247][WARN ][o.e.x.m.e.l.LocalExporter] unexpected error while indexing monitoring document
org.elasticsearch.xpack.monitoring.exporter.ExportException: RemoteTransportException[[wbu2-elkserver-prod-node02][10.191.4.62:9300][indices:admin/create]]; nested: IndexNotFoundException[no such index];
at org.elasticsearch.xpack.monitoring.exporter.local.LocalBulk.lambda$throwExportException$2(LocalBulk.java:130) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_111]
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) ~[?:1.8.0_111]
at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948) ~[?:1.8.0_111]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) ~[?:1.8.0_111]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_111]
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151) ~[?:1.8.0_111]
at java.util.stream