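def _timeframe_to_span(timeframe):
    """Translate the ``timeframe`` argument into an Elasticsearch date-math string.

    Returns ``"now/d"`` for ``"day"``, ``"now-<N>m"`` for a string of decimal
    digits (N minutes back from now) and ``None`` for anything else, including
    non-string input (which a bare ``timeframe.isdecimal()`` would raise on).
    """
    if timeframe == "day":
        return "now/d"
    if isinstance(timeframe, str) and timeframe.isdecimal():
        # str.isdecimal() also accepts non-ASCII decimal digits (e.g. Arabic-Indic);
        # int() normalises them so only a plain ASCII number reaches the query.
        return "now-%dm" % int(timeframe)
    return None


def queryAlertsCountWithType(timeframe, clientDomain):
    """Count alerts per honeypot type in Elasticsearch for a timeframe.

    Runs a ``range`` query on ``recievedTime`` (spelling is the index's field
    name, keep it) with ``size: 0`` and a ``communityfilter`` aggregation that
    restricts the per-``peerType.keyword`` ``terms`` buckets to documents whose
    ``clientDomain`` field matches the argument.

    Args:
        timeframe: ``"day"`` for today (``now/d``), or a string of decimal
            digits giving a number of minutes back from now. Anything else is
            logged and rejected.
        clientDomain: value used in a ``term`` filter on the ``clientDomain``
            field. It is sent as a structured JSON value by the client, never
            interpolated into a query string, so it cannot alter the query.

    Returns:
        The raw Elasticsearch response dict on success, or ``False`` when the
        timeframe is invalid or the search raises ``ElasticsearchException``.
        Callers must check for ``False`` before indexing into the result.

    NOTE(review): the ``clientDomain`` filter lives only inside the
    aggregation, so the response's top-level ``hits.total`` counts alerts of
    every domain in the timeframe. Read the per-domain count from
    ``aggregations.communityfilter.doc_count`` rather than ``hits.total``.
    """
    span = _timeframe_to_span(timeframe)
    if span is None:
        app.logger.error(
            'Non numeric value in retrieveAlertsCountWithType timespan. '
            'Must be decimal number (in minutes) or string "day"'
        )
        return False

    query = {
        "query": {"range": {"recievedTime": {"gte": span}}},
        "aggs": {
            "communityfilter": {
                "filter": {"term": {"clientDomain": clientDomain}},
                "aggs": {
                    "honeypotTypes": {"terms": {"field": "peerType.keyword"}}
                },
            }
        },
        # Only the aggregation is wanted; do not return matching documents.
        "size": 0,
    }
    try:
        return es.search(index=app.config['ELASTICINDEX'], body=query)
    except ElasticsearchException as err:
        app.logger.error('ElasticSearch error: %s', err)
        return False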