Re: Create and save query in Nagios Log Server
Posted: Fri Sep 08, 2017 10:48 am
by sgiworks
Something like this?
{"aggs" : { "products" : { "terms" : { "field" : "TargetUserName", "Count" : 10 }}}}
Re: Create and save query in Nagios Log Server
Posted: Fri Sep 08, 2017 11:04 am
by cdienger
Alerting on this currently isn't possible but it is a feature request - id # 9938
Re: Create and save query in Nagios Log Server
Posted: Fri Sep 08, 2017 2:28 pm
by sgiworks
Check out this:
{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1504735059807,"to":1504821459807}}},{"fquery":{"query":{"query_string":{"query":"EventID:(\"4625\" \"4771\" \"4776\")"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"_type:(\"eventlog\")"}},"_cache":true}}],"must_not":[{"fquery":{"query":{"query_string":{"query":"message:(S-1-0-0)"}},"_cache":true}},{"fquery": { "query": { "query_string": { "query": "TargetUserName:(count >10)" } }, "_cache": true}},{"fquery":{"query":{"query_string":{"query":"SComInstaller,Guest, IWKSEA%, IWKSSA%, SRV_PE_URL_MON"}},"_cache":true}}]}}}}}
Re: Create and save query in Nagios Log Server
Posted: Fri Sep 08, 2017 3:37 pm
by dwhitfield
Are you getting an error when you run that? If so, can you put the error in a code block?
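The per-user threshold this thread is after (more than 10 failed logons per TargetUserName), as an added example that is not from any poster or from Nagios. It assumes the Elasticsearch 1.x query syntax seen in the posted query, a terms aggregation with `min_doc_count`, and a TargetUserName field indexed as a single term; the function names and sample events are constructed for illustration.

```python
import json
from collections import Counter

# EventIDs taken from the query posted in the thread.
FAILED_LOGON_IDS = ("4625", "4771", "4776")

def _qs(query):
    # Same fquery/query_string wrapper the posted query uses.
    return {"fquery": {"query": {"query_string": {"query": query}}, "_cache": True}}

def build_query(start_ms, end_ms, threshold=10):
    """Filter failed logons, then bucket by user and keep buckets above threshold."""
    ids = " ".join('"%s"' % i for i in FAILED_LOGON_IDS)
    return {
        "size": 0,  # return only the buckets, no individual hits
        "query": {"filtered": {"filter": {"bool": {
            "must": [
                {"range": {"@timestamp": {"from": start_ms, "to": end_ms}}},
                _qs("EventID:(%s)" % ids),
                _qs('_type:("eventlog")'),
            ],
            "must_not": [_qs("message:(S-1-0-0)")],
        }}}},
        # Counting is done by the aggregation, not by a query_string clause.
        "aggs": {"users": {"terms": {
            "field": "TargetUserName",
            "size": 100,
            "min_doc_count": threshold + 1,  # "more than threshold" documents
        }}},
    }

def users_over_threshold(events, threshold=10):
    """Local equivalent of the aggregation, for checking expected results offline."""
    counts = Counter(
        e["TargetUserName"] for e in events
        if e.get("EventID") in FAILED_LOGON_IDS and "S-1-0-0" not in e.get("message", "")
    )
    return {user: n for user, n in counts.items() if n > threshold}

# Constructed sample events (not real log data).
SAMPLE = (
    [{"EventID": "4625", "TargetUserName": "alice", "message": "An account failed to log on."}] * 12
    + [{"EventID": "4771", "TargetUserName": "bob", "message": "Kerberos pre-authentication failed."}] * 3
    + [{"EventID": "4624", "TargetUserName": "carol", "message": "An account was successfully logged on."}] * 11
)

if __name__ == "__main__":
    print(json.dumps(build_query(1504735059807, 1504821459807), indent=2))
    print(users_over_threshold(SAMPLE))
```

The account-name exclusion list from the posted query is left out here; it would go in `must_not` as one more clause scoped to TargetUserName.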