Get event count for the last minute by event level
I have parsed events with a field like "level" (DEBUG, INFO, ERROR, FATAL). How do I retrieve the count of events from the last minute with level type = ERROR?
[screenshot from Kibana]
I'm trying it like this:

    curl -XGET 'mysite.com:9200/myindex/_count?pretty=true' -d '{
      "query": {
        "term": {
          "level": "error"
        }
      },
      "filter": {
        "range": {
          "_timestamp": {
            "gt": "now-1m"
          }
        }
      }
    }'
1 Answer
You must have a timestamp on your events. If you do, write a count aggregate query on the events with query filters on the level type and a range on the timestamp (Elasticsearch does support range queries on time/date fields with the 'now' parameter).
The confusing part is that you didn't mention what kind of count you want: the total event count, or a count by type or by some name parameter (in that case use a terms aggregation on that parameter).
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html
https://www.elastic.co/guide/en/elasticsearch/reference/1.4/mapping-date-format.html#date-math
    {
      "query": {
        "filtered": {
          "filter": {
            "bool": {
              "must": [
                { "term": { "level": "trace" } },
                { "range": { "timestamp": { "gt": "now-1m" } } }
              ]
            }
          }
        }
      }
    }
I need the total count of events that have the field "level"="error" within the last minute.
– Nemesis
Oct 27 '15 at 10:18
Then just do a simple query with a date range filter and a level=error filter (use a bool filter) and you will get the hits count.
– user3775217
Oct 27 '15 at 11:30
Thanks. Problem is solved.
– Nemesis
Oct 27 '15 at 15:26
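The accepted approach above (a bool filter combining an exact `term` on the level with a `range` on the timestamp using `now-1m` date math) worked out as an added example. This is not code from the original question or answer; it assumes the events carry a `@timestamp` field (as Logstash emits) rather than the `_timestamp` meta-field the question used, which in 1.x had to be enabled in the mapping and was removed in 5.0. It builds the `_count` request body in both the current bool/filter form and the `filtered` form the answer uses, and also evaluates the same two clauses locally over constructed sample events so the expected count can be checked offline. One caveat the thread skips over: a `term` query is not analyzed, so on a 1.x/2.x default analyzed string field "ERROR" is indexed as "error" and a `term` on "ERROR" matches nothing; map the level field as `not_analyzed` (1.x/2.x) or `keyword` (5.x and later) so the match is exact and case-sensitive, which is what the local reference implementation assumes.

```python
"""Count events with level == ERROR in the last minute: the Elasticsearch
_count request body, plus a local reference implementation of the same two
filter clauses run over constructed sample events."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample events (not taken from the original post). Timestamps are
# UTC ISO-8601; "now" is fixed so the example is deterministic.
NOW = datetime(2015, 10, 27, 10, 18, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    {"@timestamp": "2015-10-27T10:17:05Z", "level": "ERROR", "message": "db connection refused"},
    {"@timestamp": "2015-10-27T10:17:30Z", "level": "INFO", "message": "request served"},
    {"@timestamp": "2015-10-27T10:17:59Z", "level": "ERROR", "message": "auth token expired"},
    {"@timestamp": "2015-10-27T10:17:00Z", "level": "ERROR", "message": "exactly now-1m: excluded by gt"},
    {"@timestamp": "2015-10-27T10:17:45Z", "level": "FATAL", "message": "out of memory"},
    {"@timestamp": "2015-10-27T10:17:50Z", "level": "error", "message": "lowercase: not an exact term match"},
]


def count_body(level="ERROR", window="1m", level_field="level", ts_field="@timestamp"):
    """Body for GET /<index>/_count in the bool/filter form (Elasticsearch 2.x and
    later). Clauses under `filter` are not scored and are cacheable, which is all
    a count needs. Field names are assumptions, not from the original post."""
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {level_field: level}},
                    {"range": {ts_field: {"gt": f"now-{window}"}}},
                ]
            }
        }
    }


def count_body_es1(level="ERROR", window="1m", level_field="level", ts_field="@timestamp"):
    """Same filter in the `filtered` query form the answer uses. That query type
    existed in Elasticsearch 1.x, was deprecated in 2.0 and removed in 5.0."""
    return {
        "query": {
            "filtered": {
                "filter": {
                    "bool": {
                        "must": [
                            {"term": {level_field: level}},
                            {"range": {ts_field: {"gt": f"now-{window}"}}},
                        ]
                    }
                }
            }
        }
    }


_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}


def parse_window(window):
    """Turn the date-math suffix of `now-<window>` (e.g. "1m", "2h") into a timedelta."""
    unit = window[-1]
    if unit not in _UNITS or not window[:-1].isdigit():
        raise ValueError(f"unsupported date-math window: {window!r}")
    return timedelta(**{_UNITS[unit]: int(window[:-1])})


def count_recent(events, now, level="ERROR", window="1m", level_field="level", ts_field="@timestamp"):
    """Reference implementation of the two filter clauses, so the expected count
    can be checked offline: `term` is an exact, case-sensitive match (as on a
    not_analyzed/keyword field) and `gt` excludes the boundary instant itself."""
    cutoff = now - parse_window(window)
    matched = 0
    for event in events:
        ts = datetime.strptime(event[ts_field], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if event.get(level_field) == level and ts > cutoff:
            matched += 1
    return matched


if __name__ == "__main__":
    print(json.dumps(count_body(), indent=2))
    print("local count of ERROR events in the last minute:", count_recent(SAMPLE_EVENTS, NOW))
```

To run the query for real, write `json.dumps(count_body())` to a file and send it with `curl -XGET 'localhost:9200/myindex/_count?pretty' -H 'Content-Type: application/json' -d @body.json` (the header is required from Elasticsearch 6.0); the `count` field in the response should agree with `count_recent` over the same documents. Of the six sample events, two are counted: the INFO and FATAL events fail the term clause, the lowercase "error" event fails it because `term` is case-sensitive, and the event stamped exactly one minute before "now" is excluded because the range uses `gt`, not `gte`.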
You have provided almost 0 details about the issue. What is your index mapping? Give examples of actual documents. Have you tried anything yet?
– Andrei Stefan
Oct 27 '15 at 6:32