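def queryForSingleIP(maxAlerts, ip, clientDomain):
    """Get alert data for a specific IPv4 address from Elasticsearch.

    Args:
        maxAlerts: Maximum number of hits to request. Passed straight through
            as the query ``size``; nothing here clamps it, so bound it at the
            call site.
        ip: IPv4 address to look up (string or int). Only global, i.e.
            publicly routable, addresses are accepted; private, loopback and
            other reserved ranges are rejected before any query is sent.
        clientDomain: Client domain the returned alerts must belong to.

    Returns:
        The list of Elasticsearch hits (``res["hits"]["hits"]``), or ``False``
        when ``ip`` is not a valid global IPv4 address or the search fails.
    """
    # Validate the lookup key before it reaches Elasticsearch. The parser
    # raises ValueError (AddressValueError is a subclass), so that is all
    # we catch -- a bare ``except`` here would also hide unrelated errors.
    # The value logged is the one actually validated (the argument), not a
    # re-read of the request, so the log matches the decision taken.
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        app.logger.debug('No valid IP given on /querySingleIP: %s', ip)
        return False
    if not addr.is_global:
        app.logger.debug('No global IP address given on /querySingleIP: %s', ip)
        return False

    # The address is sent inside a JSON body as an exact-match term, not
    # interpolated into a query string.
    query = {
        "query": {
            "bool": {
                "must": [
                    {"term": {"sourceEntryIp": str(ip)}},
                    {"term": {"clientDomain": clientDomain}},
                ]
            }
        },
        "size": maxAlerts,
        "sort": {"createTime": {"order": "desc"}},
        "_source": [
            "createTime",
            "peerType",
            "targetCountry",
            "originalRequestString",
        ],
    }
    try:
        res = es.search(index=app.config['ELASTICINDEX'], body=query)
    except ElasticsearchException as err:
        app.logger.error('ElasticSearch error: %s', err)
        return False
    return res["hits"]["hits"]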
# Formatting functions