  1. {
  2. "watch_id": "_inlined_",
  3. "node": "eirBuokFRHGabbD0At450w",
  4. "state": "executed",
  5. "status": {
  6. "state": {
  7. "active": true,
  8. "timestamp": "2018-10-11T08:38:50.224Z"
  9. },
  10. "last_checked": "2018-10-11T08:38:50.224Z",
  11. "last_met_condition": "2018-10-11T08:38:50.224Z",
  12. "actions": {
  13. "log": {
  14. "ack": {
  15. "timestamp": "2018-10-11T08:38:50.224Z",
  16. "state": "ackable"
  17. },
  18. "last_execution": {
  19. "timestamp": "2018-10-11T08:38:50.224Z",
  20. "successful": true
  21. },
  22. "last_successful_execution": {
  23. "timestamp": "2018-10-11T08:38:50.224Z",
  24. "successful": true
  25. }
  26. }
  27. },
  28. "execution_state": "executed",
  29. "version": -1
  30. },
  31. "trigger_event": {
  32. "type": "manual",
  33. "triggered_time": "2018-10-11T08:38:50.224Z",
  34. "manual": {
  35. "schedule": {
  36. "scheduled_time": "2018-10-11T08:38:50.224Z"
  37. }
  38. }
  39. },
  40. "input": {
  41. "search": {
  42. "request": {
  43. "search_type": "query_then_fetch",
  44. "indices": [
  45. "clog-*"
  46. ],
  47. "types": [],
  48. "body": {
  49. "size": 0,
  50. "query": {
  51. "bool": {
  52. "must": [
  53. {
  54. "query_string": {
  55. "query": "source_affiliate: ukmail AND _exists_:hdr_xredir",
  56. "analyze_wildcard": false
  57. }
  58. },
  59. {
  60. "range": {
  61. "@timestamp": {
  62. "gte": "now-1h"
  63. }
  64. }
  65. }
  66. ],
  67. "filter": [],
  68. "should": [],
  69. "must_not": []
  70. }
  71. },
  72. "aggs": {
  73. "forward_address": {
  74. "terms": {
  75. "field": "rcptto_list.keyword",
  76. "size": 1000,
  77. "min_doc_count": 11
  78. },
  79. "aggs": {
  80. "senders": {
  81. "terms": {
  82. "field": "hdr_xredir.keyword",
  83. "size": 100
  84. }
  85. }
  86. }
  87. }
  88. }
  89. }
  90. }
  91. }
  92. },
  93. "condition": {
  94. "script": {
  95. "source": "boolean trigger = false;ArrayList offenders = new ArrayList();for (int i = 0; i < ctx.payload.aggregations.forward_address.buckets.size();i++){offenders.add(i);trigger=true}return trigger;",
  96. "lang": "painless",
  97. "params": {
  98. "rcpt_to": 11,
  99. "xredir": 10
  100. }
  101. }
  102. },
  103. "metadata": {
  104. "xpack": {
  105. "type": "json"
  106. }
  107. },
  108. "result": {
  109. "execution_time": "2018-10-11T08:38:50.224Z",
  110. "execution_duration": 1514,
  111. "input": {
  112. "type": "search",
  113. "status": "success",
  114. "payload": {
  115. "_shards": {
  116. "total": 240,
  117. "failed": 0,
  118. "successful": 240,
  119. "skipped": 220
  120. },
  121. "hits": {
  122. "hits": [],
  123. "total": 25891,
  124. "max_score": 0
  125. },
  126. "took": 1507,
  127. "timed_out": false,
  128. "aggregations": {
  129. "forward_address": {
  130. "doc_count_error_upper_bound": 0,
  131. "sum_other_doc_count": 0,
  132. "buckets": [
  133. {
  134. "doc_count": 38,
  135. "senders": {
  136. "doc_count_error_upper_bound": 0,
  137. "sum_other_doc_count": 0,
  138. "buckets": [
  139. {
  140. "doc_count": 4,
  141. "key": "foo@bar.com"
  142. },
  143. {
  144. "doc_count": 4,
  145. "key": "foo@bar.com"
  146. },
  147. {
  148. "doc_count": 3,
  149. "key": "foo@bar.com"
  150. },
  151. {
  152. "doc_count": 3,
  153. "key": "foo@bar.com"
  154. },
  155. {
  156. "doc_count": 3,
  157. "key": "foo@bar.com"
  158. },
  159. {
  160. "doc_count": 3,
  161. "key": "foo@bar.com"
  162. },
  163. {
  164. "doc_count": 3,
  165. "key": "foo@bar.com"
  166. },
  167. {
  168. "doc_count": 2,
  169. "key": "foo@bar.com"
  170. },
  171. {
  172. "doc_count": 1,
  173. "key": "foo@bar.com"
  174. },
  175. {
  176. "doc_count": 1,
  177. "key": "foo@bar.com"
  178. },
  179. {
  180. "doc_count": 1,
  181. "key": "foo@bar.com"
  182. },
  183. {
  184. "doc_count": 1,
  185. "key": "foo@bar.com"
  186. },
  187. {
  188. "doc_count": 1,
  189. "key": "foo@bar.com"
  190. },
  191. {
  192. "doc_count": 1,
  193. "key": "foo@bar.com"
  194. },
  195. {
  196. "doc_count": 1,
  197. "key": "foo@bar.com"
  198. },
  199. {
  200. "doc_count": 1,
  201. "key": "foo@bar.com"
  202. },
  203. {
  204. "doc_count": 1,
  205. "key": "foo@bar.com"
  206. },
  207. {
  208. "doc_count": 1,
  209. "key": "foo@bar.com"
  210. },
  211. {
  212. "doc_count": 1,
  213. "key": "foo@bar.com"
  214. },
  215. {
  216. "doc_count": 1,
  217. "key": "foo@bar.com"
  218. },
  219. {
  220. "doc_count": 1,
  221. "key": "foo@bar.com"
  222. }
  223. ]
  224. },
  225. "key": "foo@bar.com"
  226. },
  227. {
  228. "doc_count": 34,
  229. "senders": {
  230. "doc_count_error_upper_bound": 0,
  231. "sum_other_doc_count": 0,
  232. "buckets": [
  233. {
  234. "doc_count": 34,
  235. "key": "foo@bar.com"
  236. }
  237. ]
  238. },
  239. "key": "foo@bar.com"
  240. },
  241. {
  242. "doc_count": 26,
  243. "senders": {
  244. "doc_count_error_upper_bound": 0,
  245. "sum_other_doc_count": 0,
  246. "buckets": [
  247. {
  248. "doc_count": 4,
  249. "key": "foo@bar.com"
  250. },
  251. {
  252. "doc_count": 3,
  253. "key": "foo@bar.com"
  254. },
  255. {
  256. "doc_count": 3,
  257. "key": "foo@bar.com"
  258. },
  259. {
  260. "doc_count": 2,
  261. "key": "foo@bar.com"
  262. },
  263. {
  264. "doc_count": 2,
  265. "key": "foo@bar.com"
  266. },
  267. {
  268. "doc_count": 2,
  269. "key": "foo@bar.com"
  270. },
  271. {
  272. "doc_count": 2,
  273. "key": "foo@bar.com"
  274. },
  275. {
  276. "doc_count": 1,
  277. "key": "foo@bar.com"
  278. },
  279. {
  280. "doc_count": 1,
  281. "key": "foo@bar.com"
  282. },
  283. {
  284. "doc_count": 1,
  285. "key": "foo@bar.com"
  286. },
  287. {
  288. "doc_count": 1,
  289. "key": "foo@bar.com"
  290. },
  291. {
  292. "doc_count": 1,
  293. "key": "foo@bar.com"
  294. },
  295. {
  296. "doc_count": 1,
  297. "key": "foo@bar.com"
  298. },
  299. {
  300. "doc_count": 1,
  301. "key": "foo@bar.com"
  302. },
  303. {
  304. "doc_count": 1,
  305. "key": "foo@bar.com"
  306. }
  307. ]
  308. },
  309. "key": "foo@bar.com"
  310. },
  311. {
  312. "doc_count": 25,
  313. "senders": {
  314. "doc_count_error_upper_bound": 0,
  315. "sum_other_doc_count": 0,
  316. "buckets": [
  317. {
  318. "doc_count": 13,
  319. "key": "foo@bar.com"
  320. },
  321. {
  322. "doc_count": 7,
  323. "key": "foo@bar.com"
  324. },
  325. {
  326. "doc_count": 5,
  327. "key": "foo@bar.com"
  328. }
  329. ]
  330. },
  331. "key": "foo@bar.com"
  332. },
  333. {
  334. "doc_count": 24,
  335. "senders": {
  336. "doc_count_error_upper_bound": 0,
  337. "sum_other_doc_count": 0,
  338. "buckets": [
  339. {
  340. "doc_count": 24,
  341. "key": "foo@bar.com"
  342. }
  343. ]
  344. },
  345. "key": "foo@bar.com"
  346. },
  347. {
  348. "doc_count": 24,
  349. "senders": {
  350. "doc_count_error_upper_bound": 0,
  351. "sum_other_doc_count": 0,
  352. "buckets": [
  353. {
  354. "doc_count": 3,
  355. "key": "foo@bar.com"
  356. },
  357. {
  358. "doc_count": 2,
  359. "key": "foo@bar.com"
  360. },
  361. {
  362. "doc_count": 2,
  363. "key": "foo@bar.com"
  364. },
  365. {
  366. "doc_count": 2,
  367. "key": "foo@bar.com"
  368. },
  369. {
  370. "doc_count": 2,
  371. "key": "foo@bar.com"
  372. },
  373. {
  374. "doc_count": 1,
  375. "key": "foo@bar.com"
  376. },
  377. {
  378. "doc_count": 1,
  379. "key": "foo@bar.com"
  380. },
  381. {
  382. "doc_count": 1,
  383. "key": "foo@bar.com"
  384. },
  385. {
  386. "doc_count": 1,
  387. "key": "foo@bar.com"
  388. },
  389. {
  390. "doc_count": 1,
  391. "key": "foo@bar.com"
  392. },
  393. {
  394. "doc_count": 1,
  395. "key": "foo@bar.com"
  396. },
  397. {
  398. "doc_count": 1,
  399. "key": "foo@bar.com"
  400. },
  401. {
  402. "doc_count": 1,
  403. "key": "foo@bar.com"
  404. },
  405. {
  406. "doc_count": 1,
  407. "key": "foo@bar.com"
  408. },
  409. {
  410. "doc_count": 1,
  411. "key": "foo@bar.com"
  412. },
  413. {
  414. "doc_count": 1,
  415. "key": "foo@bar.com"
  416. },
  417. {
  418. "doc_count": 1,
  419. "key": "foo@bar.com"
  420. },
  421. {
  422. "doc_count": 1,
  423. "key": "foo@bar.com"
  424. }
  425. ]
  426. },
  427. "key": "foo@bar.com"
  428. },
  429. {
  430. "doc_count": 23,
  431. "senders": {
  432. "doc_count_error_upper_bound": 0,
  433. "sum_other_doc_count": 0,
  434. "buckets": [
  435. {
  436. "doc_count": 23,
  437. "key": "foo@bar.com"
  438. }
  439. ]
  440. },
  441. "key": "foo@bar.com"
  442. },
  443. {
  444. "doc_count": 20,
  445. "senders": {
  446. "doc_count_error_upper_bound": 0,
  447. "sum_other_doc_count": 0,
  448. "buckets": [
  449. {
  450. "doc_count": 20,
  451. "key": "foo@bar.com"
  452. }
  453. ]
  454. },
  455. "key": "foo@bar.com"
  456. },
  457. {
  458. "doc_count": 20,
  459. "senders": {
  460. "doc_count_error_upper_bound": 0,
  461. "sum_other_doc_count": 0,
  462. "buckets": [
  463. {
  464. "doc_count": 4,
  465. "key": "foo@bar.com"
  466. },
  467. {
  468. "doc_count": 3,
  469. "key": "foo@bar.com"
  470. },
  471. {
  472. "doc_count": 2,
  473. "key": "foo@bar.com"
  474. },
  475. {
  476. "doc_count": 2,
  477. "key": "foo@bar.com"
  478. },
  479. {
  480. "doc_count": 1,
  481. "key": "foo@bar.com"
  482. },
  483. {
  484. "doc_count": 1,
  485. "key": "foo@bar.com"
  486. },
  487. {
  488. "doc_count": 1,
  489. "key": "foo@bar.com"
  490. },
  491. {
  492. "doc_count": 1,
  493. "key": "foo@bar.com"
  494. },
  495. {
  496. "doc_count": 1,
  497. "key": "foo@bar.com"
  498. },
  499. {
  500. "doc_count": 1,
  501. "key": "foo@bar.com"
  502. },
  503. {
  504. "doc_count": 1,
  505. "key": "foo@bar.com"
  506. },
  507. {
  508. "doc_count": 1,
  509. "key": "foo@bar.com"
  510. },
  511. {
  512. "doc_count": 1,
  513. "key": "foo@bar.com"
  514. }
  515. ]
  516. },
  517. "key": "foo@bar.com"
  518. },
  519. {
  520. "doc_count": 19,
  521. "senders": {
  522. "doc_count_error_upper_bound": 0,
  523. "sum_other_doc_count": 0,
  524. "buckets": [
  525. {
  526. "doc_count": 19,
  527. "key": "foo@bar.com"
  528. }
  529. ]
  530. },
  531. "key": "foo@bar.com"
  532. },
  533. {
  534. "doc_count": 17,
  535. "senders": {
  536. "doc_count_error_upper_bound": 0,
  537. "sum_other_doc_count": 0,
  538. "buckets": [
  539. {
  540. "doc_count": 17,
  541. "key": "foo@bar.com"
  542. }
  543. ]
  544. },
  545. "key": "foo@bar.com"
  546. },
  547. {
  548. "doc_count": 15,
  549. "senders": {
  550. "doc_count_error_upper_bound": 0,
  551. "sum_other_doc_count": 0,
  552. "buckets": [
  553. {
  554. "doc_count": 15,
  555. "key": "foo@bar.com"
  556. }
  557. ]
  558. },
  559. "key": "foo@bar.com"
  560. },
  561. {
  562. "doc_count": 14,
  563. "senders": {
  564. "doc_count_error_upper_bound": 0,
  565. "sum_other_doc_count": 0,
  566. "buckets": [
  567. {
  568. "doc_count": 14,
  569. "key": "foo@bar.com"
  570. }
  571. ]
  572. },
  573. "key": "foo@bar.com"
  574. },
  575. {
  576. "doc_count": 14,
  577. "senders": {
  578. "doc_count_error_upper_bound": 0,
  579. "sum_other_doc_count": 0,
  580. "buckets": [
  581. {
  582. "doc_count": 14,
  583. "key": "foo@bar.com"
  584. }
  585. ]
  586. },
  587. "key": "foo@bar.com"
  588. },
  589. {
  590. "doc_count": 13,
  591. "senders": {
  592. "doc_count_error_upper_bound": 0,
  593. "sum_other_doc_count": 0,
  594. "buckets": [
  595. {
  596. "doc_count": 3,
  597. "key": "foo@bar.com"
  598. },
  599. {
  600. "doc_count": 3,
  601. "key": "foo@bar.com"
  602. },
  603. {
  604. "doc_count": 2,
  605. "key": "foo@bar.com"
  606. },
  607. {
  608. "doc_count": 2,
  609. "key": "foo@bar.com"
  610. },
  611. {
  612. "doc_count": 1,
  613. "key": "foo@bar.com"
  614. },
  615. {
  616. "doc_count": 1,
  617. "key": "foo@bar.com"
  618. },
  619. {
  620. "doc_count": 1,
  621. "key": "foo@bar.com"
  622. }
  623. ]
  624. },
  625. "key": "foo@bar.com"
  626. },
  627. {
  628. "doc_count": 13,
  629. "senders": {
  630. "doc_count_error_upper_bound": 0,
  631. "sum_other_doc_count": 0,
  632. "buckets": [
  633. {
  634. "doc_count": 6,
  635. "key": "foo@bar.com"
  636. },
  637. {
  638. "doc_count": 1,
  639. "key": "foo@bar.com"
  640. },
  641. {
  642. "doc_count": 1,
  643. "key": "foo@bar.com"
  644. },
  645. {
  646. "doc_count": 1,
  647. "key": "foo@bar.com"
  648. },
  649. {
  650. "doc_count": 1,
  651. "key": "foo@bar.com"
  652. },
  653. {
  654. "doc_count": 1,
  655. "key": "foo@bar.com"
  656. },
  657. {
  658. "doc_count": 1,
  659. "key": "foo@bar.com"
  660. },
  661. {
  662. "doc_count": 1,
  663. "key": "foo@bar.com"
  664. }
  665. ]
  666. },
  667. "key": "foo@bar.com"
  668. },
  669. {
  670. "doc_count": 12,
  671. "senders": {
  672. "doc_count_error_upper_bound": 0,
  673. "sum_other_doc_count": 0,
  674. "buckets": [
  675. {
  676. "doc_count": 12,
  677. "key": "foo@bar.com"
  678. }
  679. ]
  680. },
  681. "key": "foo@bar.com"
  682. },
  683. {
  684. "doc_count": 12,
  685. "senders": {
  686. "doc_count_error_upper_bound": 0,
  687. "sum_other_doc_count": 0,
  688. "buckets": [
  689. {
  690. "doc_count": 12,
  691. "key": "foo@bar.com"
  692. }
  693. ]
  694. },
  695. "key": "foo@bar.com"
  696. },
  697. {
  698. "doc_count": 12,
  699. "senders": {
  700. "doc_count_error_upper_bound": 0,
  701. "sum_other_doc_count": 0,
  702. "buckets": [
  703. {
  704. "doc_count": 12,
  705. "key": "foo@bar.com"
  706. }
  707. ]
  708. },
  709. "key": "foo@bar.com"
  710. },
  711. {
  712. "doc_count": 12,
  713. "senders": {
  714. "doc_count_error_upper_bound": 0,
  715. "sum_other_doc_count": 0,
  716. "buckets": [
  717. {
  718. "doc_count": 5,
  719. "key": "foo@bar.com"
  720. },
  721. {
  722. "doc_count": 2,
  723. "key": "foo@bar.com"
  724. },
  725. {
  726. "doc_count": 2,
  727. "key": "foo@bar.com"
  728. },
  729. {
  730. "doc_count": 1,
  731. "key": "foo@bar.com"
  732. },
  733. {
  734. "doc_count": 1,
  735. "key": "foo@bar.com"
  736. },
  737. {
  738. "doc_count": 1,
  739. "key": "foo@bar.com"
  740. }
  741. ]
  742. },
  743. "key": "foo@bar.com"
  744. },
  745. {
  746. "doc_count": 12,
  747. "senders": {
  748. "doc_count_error_upper_bound": 0,
  749. "sum_other_doc_count": 0,
  750. "buckets": [
  751. {
  752. "doc_count": 9,
  753. "key": "foo@bar.com"
  754. },
  755. {
  756. "doc_count": 3,
  757. "key": "foo@bar.com"
  758. }
  759. ]
  760. },
  761. "key": "foo@bar.com"
  762. },
  763. {
  764. "doc_count": 11,
  765. "senders": {
  766. "doc_count_error_upper_bound": 0,
  767. "sum_other_doc_count": 0,
  768. "buckets": [
  769. {
  770. "doc_count": 11,
  771. "key": "foo@bar.com"
  772. }
  773. ]
  774. },
  775. "key": "foo@bar.com"
  776. },
  777. {
  778. "doc_count": 11,
  779. "senders": {
  780. "doc_count_error_upper_bound": 0,
  781. "sum_other_doc_count": 0,
  782. "buckets": [
  783. {
  784. "doc_count": 6,
  785. "key": "foo@bar.com"
  786. },
  787. {
  788. "doc_count": 4,
  789. "key": "foo@bar.com"
  790. },
  791. {
  792. "doc_count": 1,
  793. "key": "foo@bar.com"
  794. }
  795. ]
  796. },
  797. "key": "foo@bar.com"
  798. },
  799. {
  800. "doc_count": 11,
  801. "senders": {
  802. "doc_count_error_upper_bound": 0,
  803. "sum_other_doc_count": 0,
  804. "buckets": [
  805. {
  806. "doc_count": 11,
  807. "key": "foo@bar.com"
  808. }
  809. ]
  810. },
  811. "key": "foo@bar.com"
  812. },
  813. {
  814. "doc_count": 11,
  815. "senders": {
  816. "doc_count_error_upper_bound": 0,
  817. "sum_other_doc_count": 0,
  818. "buckets": [
  819. {
  820. "doc_count": 11,
  821. "key": "foo@bar.com"
  822. }
  823. ]
  824. },
  825. "key": "foo@bar.com"
  826. }
  827. ]
  828. }
  829. }
  830. },
  831. "search": {
  832. "request": {
  833. "search_type": "query_then_fetch",
  834. "indices": [
  835. "clog-*"
  836. ],
  837. "types": [],
  838. "body": {
  839. "size": 0,
  840. "query": {
  841. "bool": {
  842. "must": [
  843. {
  844. "query_string": {
  845. "query": "source_affiliate: ukmail AND _exists_:hdr_xredir",
  846. "analyze_wildcard": false
  847. }
  848. },
  849. {
  850. "range": {
  851. "@timestamp": {
  852. "gte": "now-1h"
  853. }
  854. }
  855. }
  856. ],
  857. "filter": [],
  858. "should": [],
  859. "must_not": []
  860. }
  861. },
  862. "aggs": {
  863. "forward_address": {
  864. "terms": {
  865. "field": "rcptto_list.keyword",
  866. "size": 1000,
  867. "min_doc_count": 11
  868. },
  869. "aggs": {
  870. "senders": {
  871. "terms": {
  872. "field": "hdr_xredir.keyword",
  873. "size": 100
  874. }
  875. }
  876. }
  877. }
  878. }
  879. }
  880. }
  881. }
  882. },
  883. "condition": {
  884. "type": "script",
  885. "status": "success",
  886. "met": true
  887. },
  888. "actions": [
  889. {
  890. "id": "log",
  891. "type": "logging",
  892. "status": "success",
  893. "logging": {
  894. "logged_text": "There are documents in your index. Threshold is 10, trigger is "
  895. }
  896. }
  897. ]
  898. },
  899. "messages": []
  900. }