首先,我們現在kiban上面繪製自己需要統計出來的數據
然後點擊右上角inspect,將request的json格式複製
粘貼到Dev Tools上面,這樣會將我們需要的數據,已json的形式返回
將請求的json格式保存下來,開始寫py文件
from elasticsearch import Elasticsearch
import datetime
#初始化鏈接
es = Elasticsearch([{'host':'10.3.2.1','port':9200}])
#獲取當前時間和7天前的UTC格式時間戳
last_7day=datetime.datetime.utcnow()-datetime.timedelta(days=6, hours=16)
now_time=datetime.datetime.utcnow()+datetime.timedelta(hours=8)
last_7day=last_7day.strftime('%Y-%m-%dT%H:%M:%S.%f%z')
now_time=now_time.strftime('%Y-%m-%dT%H:%M:%S.%f%z')
#定義DSL請求體
query_json={
"aggs": {
"2": {
"terms": {
"field": "message.keyword",
"size": 30,
"order": {
"_count": "desc"
}
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
},
{
"field": "timestamp",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "level:error",
"analyze_wildcard": "true",
"default_field": "*"
}
},
{
"range": {
"@timestamp": {
"gte": last_7day,
"lte": now_time,
}
}
}
],
"filter": [],
"should": [],
"must_not": []
}
}
}
res=es.search(index='index-*', body=query_json)
res=res['aggregations']['2']['buckets']
for i in res:
print(i)