- ES Logstash 를 사용한 파이프라인 처리 → 인덱스 생성 성공
- web-logs 인덱스 카운트
GET web-logs/_count
{
"count": 20730,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
}
}
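- web-logs 인덱스 검색 (http.response.status_code 가 200 인 문서를 term 쿼리로 조회). 응답의 hits.total 이 10000 / "gte" 이면 실제 건수가 아니라 하한값이므로, 정확한 건수는 _count 또는 track_total_hits: true 로 확인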
GET web-logs/_search
{
"query": {
"term": {
"http.response.status_code": {
"value": "200"
}
}
}
}
{
"took": 5,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 10000,
"relation": "gte"
},
"max_score": 1.0,
"hits": [
{
"_index": "web-logs",
"_id": "MKlAIZEBV-pbYm0nFK0G",
"_score": 1.0,
"_source": {
"apache": {
"access": {}
},
"@timestamp": "2019-01-25T08:08:42.000Z",
"http": {
"request": {
"referrer": "-",
"method": "GET"
},
"response": {
"status_code": 200,
"body": {
"bytes": 42187
}
},
"version": "1.1"
},
"source": {
"geo": {
"continent_name": "North America",
"region_iso_code": "US-VA",
"city_name": "Boydton",
"country_iso_code": "US",
"country_name": "United States",
"region_name": "Virginia",
"location": {
"lon": -78.375,
"lat": 36.6534
}
},
"as": {
"number": 8075,
"organization": {
"name": "MICROSOFT-CORP-MSN-AS-BLOCK"
}
},
"address": "40.77.167.29",
"ip": "40.77.167.29"
},
"event": {
"ingested": "2024-08-05T06:35:33.014335411Z",
"original": "40.77.167.29 - - [25/Jan/2019:11:38:42 +0330] \\\"GET /product/30946/60730/%D8%BA%D8%B0%D8%A7-%D8%B3%D8%A7%D8%B2-%DA%A9%D9%86%D9%88%D9%88%D8%AF-%D9%85%D8%AF%D9%84-FPM902 HTTP/1.1\\\" 200 42187 \\\"-\\\" \\\"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)\\\" \\\"-\\\"\\r",
"kind": "event",
"created": "2024-08-05T06:35:31.965339070Z",
"category": "web",
"outcome": "success"
},
"user": {
"name": "-"
},
"user_agent": {
"original": "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
"name": "bingbot",
"device": {
"name": "Spider"
},
"version": "2.0"
},
"url": {
"original": "/product/30946/60730/%D8%BA%D8%B0%D8%A7-%D8%B3%D8%A7%D8%B2-%DA%A9%D9%86%D9%88%D9%88%D8%AF-%D9%85%D8%AF%D9%84-FPM902"
}
}
},
- web-logs 에서 http.response.status_code 가 200 이 아니고, http.request.method 가 POST 인 데이터 조회
GET web-logs/_search
{
"query": {
"bool": {
"must_not": {
"term": {
"http.response.status_code": "200"
}
},
"must": {
"term": {
"http.request.method": {
"value": "POST"
}
}
}
}
}
}
{
"took": 9,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 22,
"relation": "eq"
},
"max_score": 4.2677817,
"hits": [
{
"_index": "web-logs",
"_id": "MalAIZEBV-pbYm0nFrYC",
"_score": 4.2677817,
"_source": {
"apache": {
"access": {}
},
"@timestamp": "2019-01-26T05:40:03.000Z",
"http": {
"request": {
"referrer": "https://www.zanbil.ir/orderAdministration/console/188035",
"method": "POST"
},
"response": {
"status_code": 302,
"body": {
"bytes": 0
}
},
"version": "1.1"
},
"source": {
"geo": {
"continent_name": "Asia",
"country_iso_code": "IR",
"country_name": "Iran",
"location": {
"lon": 51.4115,
"lat": 35.698
}
},
"address": "151.239.241.163",
"ip": "151.239.241.163"
},
"event": {
"ingested": "2024-08-05T06:35:33.693030Z",
"original": "151.239.241.163 - - [26/Jan/2019:09:10:03 +0330] \\\"POST /orderAdministration/assignToMe/188018 HTTP/1.1\\\" 302 0 \\\"https://www.zanbil.ir/orderAdministration/console/188035\\\" \\\"Mozilla/5.0 (Windows NT 6.3; rv:64.0) Gecko/20100101 Firefox/64.0\\\" \\\"-\\\"\\r",
"kind": "event",
"created": "2024-08-05T06:35:33.189960283Z",
"category": "web",
"outcome": "success"
},
"user": {
"name": "-"
},
"user_agent": {
"original": "Mozilla/5.0 (Windows NT 6.3; rv:64.0) Gecko/20100101 Firefox/64.0",
"os": {
"name": "Windows",
"version": "8.1",
"full": "Windows 8.1"
},
"name": "Firefox",
"device": {
"name": "Other"
},
"version": "64.0."
},
"url": {
"original": "/orderAdministration/assignToMe/188018"
}
*refrigerator 와 windows 단어가 둘 다 토큰에 존재하는지 여부*
GET web-logs/_search
{
"query": {
"match": {
"event.original": {
"query": "refrigerator windows",
"operator": "and"
}
}
}
}
{
"took": 33,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 126,
"relation": "eq"
},
"max_score": 5.702315,
"hits": [
{
"_index": "web-logs",
"_id": "b6lAIZEBV-pbYm0nGMYV",
"_score": 5.702315,
"_source": {
"apache": {
"access": {}
},
"@timestamp": "2019-01-26T16:26:52.000Z",
"http": {
"request": {
"referrer": "https://www.zanbil.ir/browse/refrigerator-and-freezer",
"method": "GET"
},
"response": {
"status_code": 200,
"body": {
"bytes": 3094
}
},
"version": "1.1"
},