Untitled

GET waf-log-*/_search
{
  "query": {
  "bool" : {
    "must" : [
      {
        "bool" : {
          "should" : [
            {
              "range" : {
                "time" : {
                  "from" : 1742468971000,
                  "to" : 1742469271000,
                  "include_lower" : true,
                  "include_upper" : true,
                  "boost" : 1.0
                }
              }
            },
            {
              "range" : {
                "start_time" : {
                  "from" : 1742468971000,
                  "to" : 1742469271000,
                  "include_lower" : true,
                  "include_upper" : true,
                  "boost" : 1.0
                }
              }
            },
            {
              "range" : {
                "end_time" : {
                  "from" : 1742468971000,
                  "to" : 1742469271000,
                  "include_lower" : true,
                  "include_upper" : true,
                  "boost" : 1.0
                }
              }
            },
            {
              "range" : {
                "eventHappenedAt" : {
                  "from" : 1742468971000,
                  "to" : 1742469271000,
                  "include_lower" : true,
                  "include_upper" : true,
                  "boost" : 1.0
                }
              }
            },
            {
              "range" : {
                "login_time" : {
                  "from" : 1742468971000,
                  "to" : 1742469271000,
                  "include_lower" : true,
                  "include_upper" : true,
                  "boost" : 1.0
                }
              }
            },
            {
              "range" : {
                "timestamp_orig" : {
                  "from" : 1742468971000,
                  "to" : 1742469271000,
                  "include_lower" : true,
                  "include_upper" : true,
                  "boost" : 1.0
                }
              }
            }
          ],
          "adjust_pure_negative" : true,
          "minimum_should_match" : "1",
          "boost" : 1.0
        }
      },
      {
        "bool" : {
          "should" : [
            {
              "term" : {
                "src_ip" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "remote_addr" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "proxy_ip" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "conn_client_dns_ip" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "conn_src_ip" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "connector_private_addr" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "connector_public_addr" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "nexthop_addr" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "request_remote_addr" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "ip" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            },
            {
              "term" : {
                "hostip" : {
                  "value" : "111.11.86.145",
                  "boost" : 1.0
                }
              }
            }
          ],
          "adjust_pure_negative" : true,
          "minimum_should_match" : "1",
          "boost" : 1.0
        }
      }
    ],
    "adjust_pure_negative" : true,
    "boost" : 1.0
  }
}
}


