Elasticsearch 查询

# Search the event_log index for events whose op_type matches "SELECT" and
# bucket them by client IP in the "sw" terms aggregation.
# "size": 10 limits the returned hits to 10; it does not size the aggregation.
# NOTE(review): the script only reads doc['cli_ip'].value, so a plain terms
#   aggregation with "field": "cli_ip" should produce the same buckets without
#   running a script per document - confirm against the index mapping.
# NOTE(review): clusters that restrict inline scripting (script.allowed_types)
#   will reject this request; the "inline" key is also deprecated in favour of
#   "source" on newer Elasticsearch releases - confirm the cluster version.
GET event_log/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "op_type": "SELECT"
          }
        }
      ]
    }
  },
  "aggs": {
    "sw": {
      "terms": {
        "script": {
          "inline": "doc['cli_ip'].value"
        }
      }
    }
  },
  "size": 10
}

# Multiple conditions: op_type must match "SELECT" and op_time must fall
# inside the given range (gte/lte, both ends inclusive); the range bounds are
# parsed with the "format" given next to them.
# Hits are sorted by srv_port ascending and only 2 hits are returned.
# Aggregations:
#   ipAndPortAggs - terms buckets keyed by the script-built string
#                   "<srv_ip>:<srv_port>"
#   opTime        - date histogram on op_time with 5-minute buckets
# NOTE(review): the sample document on this page stores srv_port as a quoted
#   string; if the field is mapped as a string type the sort is lexicographic,
#   not numeric - confirm the mapping.
# NOTE(review): 5-minute buckets across a four-month range can add up to tens
#   of thousands of buckets and may hit the cluster bucket limit
#   (search.max_buckets) - narrow the range or widen the interval if so.
# NOTE(review): "interval" in date_histogram is deprecated since
#   Elasticsearch 7.2 in favour of "fixed_interval" / "calendar_interval";
#   "inline" is likewise deprecated in favour of "source" - confirm the
#   cluster version before changing either.
GET event_log/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "op_type": "SELECT"
          }
        }
      ],
      "filter": {
        "range": {
          "op_time": {
            "gte": "2021-01-26 18:00:21",
            "lte": "2021-05-26 18:25:21",
            "format": "yyyy-MM-dd HH:mm:ss"
          }
        }
      }
    }
  },
  "sort": [
    {
      "srv_port": {
        "order": "asc"
      }
    }
  ], 
  "aggs": {
    "ipAndPortAggs": {
      "terms": {
        "script": {
           "inline": "doc['srv_ip'].value +':'+ doc['srv_port'].value "
        }
      }
    },
    "opTime": {
      "date_histogram": {
        "field": "op_time",
        "interval": "5m",
        "format": "yyyy-MM-dd HH:mm:ss"
      }
    }
  },
  "size": 2
}

# Same op_type "SELECT" match and the same two aggregations (server ip:port
# terms buckets, 5-minute op_time histogram), but with no op_time range filter
# and no sort; 2 hits are returned.
# NOTE(review): without a range filter the histogram spans every matching
#   event in the index, so the bucket count grows with the retention period -
#   add a time filter before running this against a large audit index.
# NOTE(review): "inline" and "interval" are deprecated keys on newer
#   Elasticsearch releases ("source", "fixed_interval"/"calendar_interval") -
#   confirm the cluster version.
GET event_log/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "op_type": "SELECT"
          }
        }
      ]
    }
  },
  "aggs": {
    "ipAndPortAggs": {
      "terms": {
        "script": {
           "inline": "doc['srv_ip'].value +':'+ doc['srv_port'].value "
        }
      }
    },
    "opTime": {
      "date_histogram": {
        "field": "op_time",
        "interval": "5m",
        "format": "yyyy-MM-dd HH:mm:ss"
      }
    }
  },
  "size": 2
}


# Match every document in event_log. No "size" is given, so only the default
# first page of hits comes back (10 unless the request says otherwise).
GET event_log/_search
{
  "query": {
    "match_all": {}
  }
}


# Index one sample audit record into index event_log under the mapping type
# event_log. No document ID is given in the path, so Elasticsearch generates
# one; the "id" key in the body is an ordinary field.
# NOTE(review): custom mapping type names were removed in Elasticsearch 7+;
#   on those versions the endpoint is POST event_log/_doc - confirm the
#   cluster version.
# NOTE(review): op_sql holds a SELECT statement while op_type is "INSERT", so
#   the op_type "SELECT" queries on this page will not match this document -
#   confirm whether that is intended.
# NOTE(review): every value, including ports and op_time, is sent as a JSON
#   string; an explicit mapping (date for op_time, ip for cli_ip/srv_ip,
#   numeric for the ports) is presumably needed for the range filter and sort
#   above to behave as expected - verify against the index mapping.
# op_sql stores the full statement text, and statements can embed literal
# values, so read access to this index should be as restricted as access to
# the audited database itself.
POST event_log/event_log
{
    "id":"150155",
    "sess_id":"434412",
    "db_type":"1",
    "cli_os":"",
    "cli_hostname":"redhat",
    "cli_protocol":"TCP",
    "cli_program":"sqlplus@redhat",
    "cli_ip":"10.10.10.91",
    "cli_port":"58418",
    "conn_status":"0",
    "srv_ip":"10.10.10.76",
    "srv_port":"1531",
    "db_version":"11g",
    "db_name":"ncsdataserver",
    "db_username":"root",
    "op_time":"2021-04-02 13:51:21",
    "op_table_name":"",
    "op_sql":"SELECT ATTRIBUTE,SCOPE,NUMERIC_VALUE,CHAR_VALUE,DATE_VALUE FROM @SYSTEM.PRODUCT_PRIVS WHERE (UPPER('SQL*Plus') LIKE UPPER(PRODUCT)) AND (USER LIKE USERID)",
    "op_type":"INSERT"
}

 
