Get data from elasticsearch

In [10]:
from elasticsearch import Elasticsearch
import json
import requests

elasticsearch = Elasticsearch(['http://192.168.1.206:9200/'])
index_list = []

Create query body

In [11]:
sensor = 'sensor-cmc-corp'
query_body = {
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "5m"
      },
      "aggs": {
        "1": {
          "sum": {
            "field": "IN_BYTES"
          }
        },
        "3": {
          "sum": {
            "field": "OUT_BYTES"
          }
        },
        "4": {
          "sum": {
            "field": "IN_PKTS"
          }
        },
        "5": {
          "sum": {
            "field": "OUT_PKTS"
          }
        }
      }
    }
  },
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "NTOPNG_INSTANCE_NAME.keyword": sensor
          }
        }
      ]
    }
  }
}
elastic_query = json.dumps(query_body)

Create index list to get data

In [15]:
import datetime

def create_index(date):
    index = 'flows-2019.'
    month = date.month
    if month < 10:
        index += ('0' + str(month))
    else:
        index += str(month)
    day = date.day
    if day < 10:
        index += ('.0' + str(day))
    else:
        index += ('.' + str(day))
    return index

index_list = []
today = datetime.datetime.today
for i in range(8):
    date = datetime.datetime.today() - datetime.timedelta(days=7-i)
    index = create_index(date)
    index_list.append(index)
print(index_list)

['flows-2019.09.02', 'flows-2019.09.03', 'flows-2019.09.04', 'flows-2019.09.05', 'flows-2019.09.06', 'flows-2019.09.07', 'flows-2019.09.08', 'flows-2019.09.09']


Get data from index on index list and push to Pandas dataframe

In [16]:
import pandas as pd
data_frame = pd.DataFrame(columns=['TIMESTAMP', 'IN_BYTES', 'OUT_BYTES', 'IN_PKTS', 'OUT_PKTS', 'COUNTS'])

for index_day in index_list:
    elastic_result = elasticsearch.search(index=index_day, body=elastic_query, request_timeout=180)
    for row in elastic_result['aggregations']['2']['buckets']:
        data_frame = data_frame.append({'TIMESTAMP': row['key_as_string'], 'IN_BYTES': row['1']['value'], 'OUT_BYTES': row['3']['value'], 'IN_PKTS': row['4']['value'], 'OUT_PKTS': row['5']['value'], 'COUNTS': row['doc_count']}, ignore_index=True)
data_frame.to_csv(sensor + '.csv')