-
-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Lorenzo Mangani edited this page Aug 14, 2018
·
8 revisions
.index('heplify-*').top(NetSrcIP.keyword,10).search(SIP.Cseq.Method.keyword:'INVITE')
.index('heplify-*').search(SIP.Cseq.Method.keyword:'INVITE').top(NetSrcIP.keyword,20).top(NetDstIP.keyword,20)
curl -XPOST \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/plain, */*" \
-H "kbn-xsrf: anything" \
-H "Connection: keep-alive" \
localhost:5601/api/kable/run \
-d '{"expression":".index(_all)","time":{"from":"now-15m","mode":"quick","timezone":"Europe/Berlin","to":"now"}}'
curl -XPOST \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/plain, */*" \
-H "kbn-xsrf: anything" -H "Connection: keep-alive" \
localhost:5601/api/timelion/run \
-d '{"sheet":[".es(*).label(all)"],"time":{"from":"now-15m","interval":"auto","mode":"quick","timezone":"Europe/Berlin","to":"now"}}'
curl -XPOST \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/plain, */*" \
-H "kbn-xsrf: anything" -H "Connection: keep-alive" \
localhost:5601/api/timelion/run \
-d '{"sheet":[".kable(expression='.index(_all).timeseries(field=@timestamp,interval=5m)')"],"time":{"from":"now-15m","interval":"auto","mode":"quick","timezone":"Europe/Berlin","to":"now"}}'