API Docs
Knowledgebase
Training
menu icon
  1. Home
  2.  / Reference
  3.  / API Reference
  4.  / ves-io-schema-log-CustomAPI-FirewallLogAggregationQuery

ves-io-schema-log-CustomAPI-FirewallLogAggregationQuery

On This Page:

Examples of performing log CustomAPI FirewallLogAggregationQuery

Usecase:

Firewall Log Aggregation query for virtual host vhost1 in namespace ns1

Request:

Request using vesctl:

vesctl request rpc log.CustomAPI.FirewallLogAggregationQuery -i request.yaml --uri /public/namespaces/system/firewall_logs/aggregation --http-method POST

where file request.yaml has following contents:

aggs:
  date_histogram:
    dateAggregation:
      step: 1h
  site:
    fieldAggregation:
      topk: 3
  unique_dst_ip:
    cardinalityAggregation:
      field: DST_IP
endTime: "1591131600"
query: '{policy_hits.result="deny"}'
startTime: "1591120800"

vesctl yaml response:

aggs:
  date_histogram:
    dateAggregation:
      buckets:
      - count: "224"
        subAggs: {}
        time: "1591120800000"
      - count: "533"
        subAggs: {}
        time: "1591124400000"
      - count: "525"
        subAggs: {}
        time: "1591128000000"
  site:
    fieldAggregation:
      buckets:
      - count: "456"
        key: site-1
        subAggs: {}
      - count: "230"
        key: site-2
        subAggs: {}
      - count: "45"
        key: site-3
        subAggs: {}
  unique_dst_ip:
    cardinalityAggregation:
      count: "100"
totalHits: "1282"

Request using curl:

curl -X 'POST' -d '{"query":"{policy_hits.result="deny"}","start_time":"1591120800","end_time":"1591131600","aggs":{"date_histogram":{"date_aggregation":{"step":"1h"}},"site":{"field_aggregation":{"topk":3}},"unique_dst_ip":{"cardinality_aggregation":{"field":"DST_IP"}}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build1976782728_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/data/namespaces/system/firewall_logs/aggregation'

curl response:

HTTP/1.1 200 OK
Content-Length: 1286
Content-Type: application/json
Date: Mon, 06 Jun 2022 10:17:23 GMT
Vary: Accept-Encoding

{
  "total_hits": "1282",
  "aggs": {
    "date_histogram": {
      "date_aggregation": {
        "buckets": [
          {
            "time": "1591120800000",
            "count": "224",
            "sub_aggs": {
            }
          },
          {
            "time": "1591124400000",
            "count": "533",
            "sub_aggs": {
            }
          },
          {
            "time": "1591128000000",
            "count": "525",
            "sub_aggs": {
            }
          }
        ]
      },
      "field_aggregation": null,
      "cardinality_aggregation": null
    },
    "site": {
      "date_aggregation": null,
      "field_aggregation": {
        "buckets": [
          {
            "key": "site-1",
            "count": "456",
            "sub_aggs": {
            }
          },
          {
            "key": "site-2",
            "count": "230",
            "sub_aggs": {
            }
          },
          {
            "key": "site-3",
            "count": "45",
            "sub_aggs": {
            }
          }
        ]
      },
      "cardinality_aggregation": null
    },
    "unique_dst_ip": {
      "date_aggregation": null,
      "field_aggregation": null,
      "cardinality_aggregation": {
        "count": "100"
      }
    }
  }
}

© 2022 F5, Inc. All rights reserved | Trademarks | Policies | Privacy | California Privacy | Do Not Sell My Personal Information