Nemesis
Reputation: 41
Get events count by last minute and event level
I have parsed events with field like "level" (DEBUG, INFO, ERROR, FATAL). How to retrieve events count by last minute and level type = ERROR?
I'm trying like that:
curl -XGET 'mysite.com:9200/myindex/_count?pretty=true' -d '
{
"query":{
"term":{
"level":"error"
}
},
"filter":{
"range":{
"_timestamp":{
"gt":"now-1m"
}
}
}
}'
Upvotes: 1
Views: 3006
Answers (1)
user3775217
Reputation: 4803
You must have timestamp on your events.If yes, write a count aggregate query on events with query filters of level type and range timestamp(elasticsearch do support range on time/date field with 'now' parameter). confusing part is you did't mention what kind of count you want.Total event count or you want to count by type or some name parameter(in that case use terms aggregation on that parameter).
https://www.elastic.co/guide/en/elasticsearch/reference/1.4/mapping-date-format.html#date-math
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"level": "trace"
}
},
{
"range": {
"timestamp": {
"gt": "now-1m"
}
}
}
]
}
}
}
}
}
Upvotes: 3
Related Questions
- Getting count and grouping by date range in elastic search
- Complex query for Elasticsearch to count the number of document according to different time
- Elastic Search count between dates
- Find the number of documents with filter at a particular time in Elasticsearch
- elasticsearch. How to count distinct value by date?
- Elasticsearch -- get count of log type in last 24 hours
- How to get count of distinct values meeting certain minimum date
- Searching Elasticsearch for first occurance of an event each day
- How to count event in the last hour grouping by minute
- Elasticsearch get the last ten added events