​
Select Service
ves-io-schema-log-CustomAPI-FirewallLogAggregationQuery
Published April 5, 2023 | Last modified May 30, 2025
Examples of performing log CustomAPI FirewallLogAggregationQuery
Usecase:
Firewall Log Aggregation query for virtual host vhost1 in namespace ns1
Request:
Request using vesctl:
vesctl request rpc log.CustomAPI.FirewallLogAggregationQuery -i request.yaml --uri /public/namespaces/system/firewall_logs/aggregation --http-method POST
where file request.yaml has following contents:
aggs:
date_histogram:
dateAggregation:
step: 1h
site:
fieldAggregation:
topk: 3
unique_dst_ip:
cardinalityAggregation:
field: DST_IP
endTime: "1591131600"
query: '{policy_hits.result="deny"}'
startTime: "1591120800"
Copied!
vesctl yaml response:
aggs:
date_histogram:
dateAggregation:
buckets:
- count: "224"
subAggs: {}
time: "1591120800000"
- count: "533"
subAggs: {}
time: "1591124400000"
- count: "525"
subAggs: {}
time: "1591128000000"
site:
fieldAggregation:
buckets:
- count: "456"
key: site-1
subAggs: {}
- count: "230"
key: site-2
subAggs: {}
- count: "45"
key: site-3
subAggs: {}
unique_dst_ip:
cardinalityAggregation:
count: "100"
totalHits: "1282"
Copied!
Request using curl:
curl -X 'POST' -d '{"query":"{policy_hits.result=\"deny\"}","start_time":"1591120800","end_time":"1591131600","aggs":{"date_histogram":{"date_aggregation":{"step":"1h"}},"site":{"field_aggregation":{"topk":3}},"unique_dst_ip":{"cardinality_aggregation":{"field":"DST_IP"}}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_var_folders_q2_3kp8z3zs0x5_m7pk1bgb0_ph0000gp_T_go-build1497866850_b001_apidocs.test/host=MTY6VVHQPH/svc=S:examplesvc/site=mytestce01' 'https://acmecorp.console.ves.volterra.io/api/data/namespaces/system/firewall_logs/aggregation'
Copied!
curl response:
HTTP/1.1 200 OK
Content-Type: application/json
Date: Fri, 30 May 2025 01:20:38 GMT
Vary: Accept-Encoding
{
"total_hits": "1282",
"aggs": {
"date_histogram": {
"date_aggregation": {
"buckets": [
{
"time": "1591120800000",
"count": "224",
"sub_aggs": {
},
"trend_value": null
},
{
"time": "1591124400000",
"count": "533",
"sub_aggs": {
},
"trend_value": null
},
{
"time": "1591128000000",
"count": "525",
"sub_aggs": {
},
"trend_value": null
}
],
"step": ""
},
"field_aggregation": null,
"multi_field_aggregation": null,
"cardinality_aggregation": null,
"metrics_aggregation": null,
"max_aggregation": null,
"min_aggregation": null,
"avg_aggregation": null,
"filter_aggregation": null,
"multi_filter_aggregation": null
},
"site": {
"date_aggregation": null,
"field_aggregation": {
"buckets": [
{
"key": "site-1",
"count": "456",
"sub_aggs": {
},
"trend_value": null,
"order_by": null
},
{
"key": "site-2",
"count": "230",
"sub_aggs": {
},
"trend_value": null,
"order_by": null
},
{
"key": "site-3",
"count": "45",
"sub_aggs": {
},
"trend_value": null,
"order_by": null
}
]
},
"multi_field_aggregation": null,
"cardinality_aggregation": null,
"metrics_aggregation": null,
"max_aggregation": null,
"min_aggregation": null,
"avg_aggregation": null,
"filter_aggregation": null,
"multi_filter_aggregation": null
},
"unique_dst_ip": {
"date_aggregation": null,
"field_aggregation": null,
"multi_field_aggregation": null,
"cardinality_aggregation": {
"count": "100",
"trend_value": null
},
"metrics_aggregation": null,
"max_aggregation": null,
"min_aggregation": null,
"avg_aggregation": null,
"filter_aggregation": null,
"multi_filter_aggregation": null
}
}
}
Copied!