堆栈内存溢出
  简体   繁体   English

如何在Kibana中否定过滤器查询

[英]How to negate filter query in Kibana

 原文  2016-09-27 14:53:47       json/ elasticsearch/ kibana

问题描述

I'm using ELK stack and I'm trying to find out how to visualize all logs except of those from specific IP ranges (for example 10.0.0.0/8). 我正在使用ELK堆栈,我试图找出除了特定IP范围(例如10.0.0.0/8)之外的所有日志的可视化。 Is there any way how to negate filter query: 有没有办法如何否定过滤查询: 

{"wildcard":{"src_address":"10.*"}}

I put it to Buckets -> Split Bars -> Aggregation -> Filters and I would like to negate this query so I got all logs except of those from 10.0.0.0/8 我把它放到Buckets - > Split Bars - > Aggregation - > Filters我想否定这个查询所以我得到了除10.0.0.0/8之外的所有日志

This is the whole JSON request: 这是整个JSON请求: 

    {
      "query": {
        "filtered": {
          "query": {
            "query_string": {
              "query": "low_level_category:\"user_authentication_failure\" AND NOT src_address:\"10.*\"",
              "analyze_wildcard": true
            }
          },
          "filter": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": 1474384885044,
                      "lte": 1474989685044,
                      "format": "epoch_millis"
                    }
                  }
                }
              ],
              "must_not": []
            }
          }
        }
      },
      "size": 0,
      "aggs": {
        "2": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "3h",
            "time_zone": "Europe/Berlin",
            "min_doc_count": 200,
            "extended_bounds": {
              "min": 1474384885043,
              "max": 1474989685043
            }
          },
          "aggs": {
            "3": {
              "terms": {
                "field": "src_address.raw",
                "size": 5,
                "order": {
                  "_count": "desc"
                }
              }
            }
          }
        }
      }
    }

Thanks 谢谢

1 个解决方案

解决方案1
 13 已采纳  2016-09-27 14:59:32

您可以在Kibana搜索框中输入此内容,它可以满足您的需求: 

NOT src_address:10.*

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Kibana Query DSL:如何在包含 JSON 语法的文本值字段上应用正则表达式过滤器 - Kibana Query DSL: How to apply a regexp filter on a text value field which contains JSON syntax 如何使用 Retrofit 查询过滤器 json - How to query filter json with Retrofit 如何在Kibana中以“ OR”条件进行搜索 - How to make a search with 'OR' condition in Kibana Kibana - 如何导出搜索结果 - Kibana - how to export search results Elasticsearch Query - 如何聚合时间戳并按术语过滤? - Elasticsearch Query - How to aggregate timestamps and filter by term? 如何根据动态生成的查询过滤json? - How to filter json based on a query dynamically generated? 如何使用匹配的字符串过滤SQL查询结果 - how to filter sql query results with matching string 如何过滤查询生成器json返回的结果? - How to filter the result returned by the Query Builder json? 如何过滤流星数据库查询结果? - How to filter Meteor database query results? 我该如何解决这个 kibana 控制台错误 - How can i solve this kibana console error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM