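def queryAlertsCountWithType(timeframe, clientDomain):
    """Count alerts per honeypot type for one community within a timeframe.

    Runs an Elasticsearch search against the module-level ``esindex`` using the
    module-level client ``es``: documents whose ``createTime`` is at or after
    ``span`` are matched, then a ``filter`` aggregation restricted to
    ``clientDomain`` is bucketed by ``peerType.keyword``. No hits are returned
    (``size`` is 0); callers read the aggregation buckets from the response.
    The ``terms`` aggregation is given no explicit ``size``, so Elasticsearch's
    default bucket limit applies.

    Args:
        timeframe: Either the string ``"day"`` (date-math ``now/d``, i.e. from
            the start of the current day -- not the trailing 24 hours -- in
            whatever time zone Elasticsearch applies to the field) or a string
            of ASCII digits giving a number of minutes (date-math
            ``now-<minutes>m``). Anything else is rejected.
        clientDomain: Community identifier used as the exact-match ``term``
            filter on the ``clientDomain`` field.

    Returns:
        The raw ``es.search`` response dict on success; ``False`` when
        ``timeframe`` is invalid or Elasticsearch raises
        ``ElasticsearchException`` (the error is printed, not re-raised).
    """
    # ``timeframe`` is the only caller-supplied value that is spliced into a
    # date-math *string*, so it is the one that must be tightly validated.
    # ``str.isdecimal()`` alone also accepts non-ASCII digits (e.g. Arabic-Indic),
    # which would pass the check yet not be a valid Elasticsearch duration;
    # restrict to plain ASCII 0-9. Non-string input (e.g. None) previously
    # raised AttributeError on ``.isdecimal()``; it now takes the documented
    # error path instead.
    if timeframe == "day":
        span = "now/d"
    elif (isinstance(timeframe, str) and timeframe
            and all("0" <= ch <= "9" for ch in timeframe)):
        span = "now-%sm" % timeframe
    else:
        # Message names this function (the old text referred to a different one).
        print('Non numeric value in queryAlertsCountWithType timespan. Must be decimal number (in minutes) or string "day"')
        return False

    # The query body is a structured dict handed to the client, not a
    # string-built DSL, so ``clientDomain`` is sent as a plain term value and
    # cannot alter the query structure.
    body = {
        "query": {
            "range": {
                "createTime": {
                    "gte": span
                }
            }
        },
        "aggs": {
            "communityfilter": {
                "filter": {
                    "term": {
                        "clientDomain": clientDomain
                    }
                },
                "aggs": {
                    "honeypotTypes": {
                        "terms": {
                            "field": "peerType.keyword"
                        }
                    }
                }
            }
        },
        "size": 0
    }
    try:
        return es.search(index=esindex, body=body)
    except ElasticsearchException as err:
        # Best-effort reporting consistent with the rest of this module;
        # callers must check for ``False``.
        print('ElasticSearch error: %s' % err)
        return False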