import json
import requests
from requests.auth import HTTPBasicAuth
from checker.units import filesize
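# Report how many bytes one client moved in the last five minutes, based on
# the flow records in the ElastiFlow ECS indices.

# Elasticsearch search endpoint for the flow indices.
# NOTE(review): the scheme is plain http://, so the Basic-auth header sent
# below crosses the network unencrypted. Use an https:// endpoint and keep
# certificate verification enabled.
es_url = 'http://xxxxx:9200/elastiflow-flow-ecs-*/_search'

query = {
    # Only the aggregation is needed. Without "size": 0 the response also
    # carries hits, and a search returns just the first 10 by default, so
    # adding up the hits under-counts as soon as more than 10 flows match.
    "size": 0,
    "query": {
        "bool": {
            "must": [
                # Flows recorded during the last five minutes.
                {
                    "range": {
                        "@timestamp": {
                            "gte": "now-5m",
                            "lte": "now"
                        }
                    }
                },
                # Restricted to a single client address.
                {
                    "term": {
                        "client.ip": "10.0.0.9"
                    }
                }
            ]
        }
    },
    "aggs": {
        # Server-side sum over every matching document.
        "total_traffic": {
            "sum": {
                "field": "network.bytes"
            }
        }
    }
}

# Headers
headers = {'Content-Type': 'application/json'}

# NOTE(review): credentials are hard-coded in the source file. Load them from
# the environment or a secret store instead. `elastic` is Elasticsearch's
# built-in superuser; a read-only search like this one should run under a
# role or API key limited to read access on the flow indices.
username = 'elastic'
password = 'xxx'

# requests applies no timeout by default, so an unreachable node would hang
# the script indefinitely without one.
response = requests.post(
    es_url,
    headers=headers,
    data=json.dumps(query),
    auth=HTTPBasicAuth(username, password),
    timeout=30,
)
# Fail here on 401/403/5xx rather than with a KeyError on the error body.
response.raise_for_status()
data = response.json()

# Take the total from the aggregation the query asks for. `or 0` is a guard
# in case the value comes back as null.
total_bytes = int(data['aggregations']['total_traffic']['value'] or 0)

total_bytes_h = filesize(total_bytes)
print(f'Total bytes: {total_bytes_h}')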