icinga2-checks/check_elastiflow_traffic_fo...

54 lines
1.2 KiB
Python
Raw Normal View History

2023-11-19 16:08:45 -07:00
import json
import requests
from requests.auth import HTTPBasicAuth
from checker.units import filesize
es_url = 'http://xxxxx:9200/elastiflow-flow-ecs-*/_search'
query = {
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-5m",
"lte": "now"
}
}
},
{
"term": {
"client.ip": "10.0.0.9"
}
}
]
}
},
"aggs": {
"total_traffic": {
"sum": {
"field": "network.bytes"
}
}
}
}
# Headers
headers = {'Content-Type': 'application/json'}
username = 'elastic'
password = 'xxx'
response = requests.post(es_url, headers=headers, data=json.dumps(query), auth=HTTPBasicAuth(username, password))
data = response.json()
total_bytes = 0
for hit in data['hits']['hits']:
total_bytes += hit['_source']['network.bytes']
total_bytes_h = filesize(total_bytes)
print(f'Total bytes: {total_bytes_h}')