diff --git a/http_requests/stream-tab-requests.http b/http_requests/stream-tab-requests.http new file mode 100644 index 000000000..ca97005ab --- /dev/null +++ b/http_requests/stream-tab-requests.http @@ -0,0 +1,701 @@ +POST http://localhost:8080/logs-*/_async_search?batched_reduce_size=64&ccs_minimize_roundtrips=true&wait_for_completion_timeout=200ms&keep_on_completion=false&keep_alive=60000ms&ignore_unavailable=true&allow_no_indices=true +user-agent: Kibana/8.11.1 +x-elastic-product-origin: kibana +x-opaque-id: 75fec6c0-e47b-4c70-9143-cd8254398f05;kibana:application:logs:;application:logs: +x-elastic-client-meta: es=8.9.1p,js=18.18.2,t=8.3.3,hc=18.18.2 +content-type: application/vnd.elasticsearch+json; compatible-with=8 +accept: application/vnd.elasticsearch+json; compatible-with=8 +content-length: 3490 +traceparent: 00-8cc24eb6df13d4d818db3913085b1233-38dc37abe48e9dc5-00 +tracestate: es=s:0 +Host: localhost:8080 +Connection: keep-alive + +{ + "_source": false, + "fields": [ + "event.dataset", + "apache2.access.*", + "apache2.access.remote_ip", + "apache2.access.user_name", + "apache2.access.method", + "apache2.access.url", + "apache2.access.http_version", + "apache2.access.response_code", + "apache2.access.body_sent.bytes", + "log.level", + "message", + "apache2.error.message", + "apache2.error.level", + "nginx.access.method", + "nginx.access.remote_ip", + "nginx.access.user_name", + "nginx.access.url", + "nginx.access.http_version", + "nginx.access.response_code", + "nginx.access.body_sent.bytes", + "nginx.error.message", + "nginx.error.level", + "redis.log.message", + "redis.log.level", + "system.syslog.message", + "system.syslog.program", + "system.auth.message", + "system.auth.program", + "system.auth.ssh.event", + "system.auth.user", + "system.auth.ssh.ip", + "system.auth.ssh.dropped_ip", + "mysql.error.message", + "ecs.version", + "mysql.slowlog.query", + "user.name", + "source.domain", + "source.ip", + "event.duration", + "mysql.slowlog.user", + "mysql.slowlog.query_time.sec", + "mysql.slowlog.host", + "mysql.slowlog.ip", + "event.action", + "event.outcome", + "auditd.log.*", + "user.*", + "process.*", + "auditd.log.record_type", + "auditd.log.src", + "auditd.log.dst", + "auditd.log.op", + "auditd.log.exe", + "auditd.log.gid", + "auditd.log.uid", + "auditd.log.tty", + "auditd.log.pid", + "auditd.log.ppid", + "auditd.log.msg", + "haproxy.http.request.raw_request_line", + "source.address", + "source.port", + "haproxy.frontend_name", + "haproxy.backend_name", + "haproxy.server_name", + "http.response.status_code", + "haproxy.http.request.time_wait_ms", + "haproxy.connection_wait_time_ms", + "haproxy.http.request.time_wait_without_data_ms", + "haproxy.connections.active", + "haproxy.connections.frontend", + "haproxy.connections.backend", + "haproxy.connections.server", + "haproxy.connections.retries", + "haproxy.server_queue", + "haproxy.backend_queue", + "haproxy.error_message", + "haproxy.client.ip", + "haproxy.client.port", + "haproxy.http.response.status_code", + "haproxy.total_waiting_time_ms", + "haproxy.http.request.time_active_ms", + "icinga.main.message", + "icinga.main.facility", + "icinga.main.severity", + "icinga.debug.message", + "icinga.debug.facility", + "icinga.debug.severity", + "icinga.startup.message", + "icinga.startup.facility", + "icinga.startup.severity", + "iis.access.method", + "iis.access.remote_ip", + "iis.access.user_name", + "iis.access.url", + "iis.access.http_version", + "iis.access.response_code", + "iis.access.body_sent.bytes", + "iis.error.url", + "iis.error.remote_ip", + "iis.error.method", + "iis.error.http_version", + "iis.error.response_code", + "iis.error.reason_phrase", + "logstash.log.message", + "logstash.log.level", + "logstash.log.module", + "logstash.slowlog.*", + "logstash.slowlog.message", + "logstash.slowlog.level", + "logstash.slowlog.module", + "mongodb.log.message", + "mongodb.log.component", + "osquery.result.name", + "osquery.result.action", + "osquery.result.host_identifier", + "osquery.result.columns.*", + "traefik.access.method", + "traefik.access.remote_ip", + "traefik.access.frontend_name", + "traefik.access.backend_url", + "traefik.access.url", + "traefik.access.http_version", + "traefik.access.response_code", + "traefik.access.body_sent.bytes", + "url.path", + "event.module", + "http.request.method", + "url.query", + "http.version", + "http.response.body.bytes", + "url.original", + "error.stack_trace.text", + "@message", + "log.original", + "event.original", + "log.path", + "log.file.path", + "host.name", + "container.id" + ], + "query": { + "bool": { + "filter": [ + { + "bool": { + "filter": [], + "must": [], + "must_not": [], + "should": [] + } + }, + { + "range": { + "@timestamp": { + "format": "epoch_millis", + "gte": 1715839388127, + "lte": 1715925788127 + } + } + } + ] + } + }, + "runtime_mappings": {}, + "size": 201, + "sort": { + "@timestamp": "desc", + "_doc": "desc" + }, + "track_scores": false, + "track_total_hits": true +} + +### + +POST http://localhost:8080/logs-*/_field_caps?ignore_unavailable=true&allow_no_indices=true +user-agent: Kibana/8.11.1 +x-elastic-product-origin: kibana +x-opaque-id: 5f3f9e31-e6a1-4326-b43d-9b3e20b60f96;kibana:application:logs: +x-elastic-client-meta: es=8.9.1p,js=18.18.2,t=8.3.3,hc=18.18.2 +content-type: application/vnd.elasticsearch+json; compatible-with=8 +accept: application/vnd.elasticsearch+json; compatible-with=8 +content-length: 16 +traceparent: 00-3f3eb75eff84a91823438026729ecdd5-5c9c0a78ac7f69fd-00 +tracestate: es=s:0 +Host: localhost:8080 +Connection: keep-alive + +{ + "fields": [ + "*" + ] +} + +### + +POST http://localhost:8080/logs-*/_search?allow_no_indices=true&ignore_unavailable=true HTTP/1.1 +user-agent: Kibana/8.11.1 +x-elastic-product-origin: kibana +x-opaque-id: 5f3f9e31-e6a1-4326-b43d-9b3e20b60f96;kibana:application:logs: +x-elastic-client-meta: es=8.9.1p,js=18.18.2,t=8.3.3,hc=18.18.2 +content-type: application/vnd.elasticsearch+json; compatible-with=8 +accept: application/vnd.elasticsearch+json; compatible-with=8 +content-length: 4663 +traceparent: 00-3f3eb75eff84a91823438026729ecdd5-5c9c0a78ac7f69fd-00 +tracestate: es=s:0 +Host: localhost:8080 +Connection: keep-alive + +{ + "aggregations": { + "count_by_date": { + "aggregations": { + "top_hits_by_key": { + "top_hits": { + "_source": false, + "size": 1, + "sort": [ + { + "@timestamp": "asc" + }, + { + "_doc": "asc" + } + ] + } + } + }, + "date_range": { + "field": "@timestamp", + "format": "epoch_millis", + "ranges": [ + { + "from": 1715859503050, + "to": 1715860367050 + }, + { + "from": 1715860367050, + "to": 1715861231050 + }, + { + "from": 1715861231050, + "to": 1715862095050 + }, + { + "from": 1715862095050, + "to": 1715862959050 + }, + { + "from": 1715862959050, + "to": 1715863823050 + }, + { + "from": 1715863823050, + "to": 1715864687050 + }, + { + "from": 1715864687050, + "to": 1715865551050 + }, + { + "from": 1715865551050, + "to": 1715866415050 + }, + { + "from": 1715866415050, + "to": 1715867279050 + }, + { + "from": 1715867279050, + "to": 1715868143050 + }, + { + "from": 1715868143050, + "to": 1715869007050 + }, + { + "from": 1715869007050, + "to": 1715869871050 + }, + { + "from": 1715869871050, + "to": 1715870735050 + }, + { + "from": 1715870735050, + "to": 1715871599050 + }, + { + "from": 1715871599050, + "to": 1715872463050 + }, + { + "from": 1715872463050, + "to": 1715873327050 + }, + { + "from": 1715873327050, + "to": 1715874191050 + }, + { + "from": 1715874191050, + "to": 1715875055050 + }, + { + "from": 1715875055050, + "to": 1715875919050 + }, + { + "from": 1715875919050, + "to": 1715876783050 + }, + { + "from": 1715876783050, + "to": 1715877647050 + }, + { + "from": 1715877647050, + "to": 1715878511050 + }, + { + "from": 1715878511050, + "to": 1715879375050 + }, + { + "from": 1715879375050, + "to": 1715880239050 + }, + { + "from": 1715880239050, + "to": 1715881103050 + }, + { + "from": 1715881103050, + "to": 1715881967050 + }, + { + "from": 1715881967050, + "to": 1715882831050 + }, + { + "from": 1715882831050, + "to": 1715883695050 + }, + { + "from": 1715883695050, + "to": 1715884559050 + }, + { + "from": 1715884559050, + "to": 1715885423050 + }, + { + "from": 1715885423050, + "to": 1715886287050 + }, + { + "from": 1715886287050, + "to": 1715887151050 + }, + { + "from": 1715887151050, + "to": 1715888015050 + }, + { + "from": 1715888015050, + "to": 1715888879050 + }, + { + "from": 1715888879050, + "to": 1715889743050 + }, + { + "from": 1715889743050, + "to": 1715890607050 + }, + { + "from": 1715890607050, + "to": 1715891471050 + }, + { + "from": 1715891471050, + "to": 1715892335050 + }, + { + "from": 1715892335050, + "to": 1715893199050 + }, + { + "from": 1715893199050, + "to": 1715894063050 + }, + { + "from": 1715894063050, + "to": 1715894927050 + }, + { + "from": 1715894927050, + "to": 1715895791050 + }, + { + "from": 1715895791050, + "to": 1715896655050 + }, + { + "from": 1715896655050, + "to": 1715897519050 + }, + { + "from": 1715897519050, + "to": 1715898383050 + }, + { + "from": 1715898383050, + "to": 1715899247050 + }, + { + "from": 1715899247050, + "to": 1715900111050 + }, + { + "from": 1715900111050, + "to": 1715900975050 + }, + { + "from": 1715900975050, + "to": 1715901839050 + }, + { + "from": 1715901839050, + "to": 1715902703050 + }, + { + "from": 1715902703050, + "to": 1715903567050 + }, + { + "from": 1715903567050, + "to": 1715904431050 + }, + { + "from": 1715904431050, + "to": 1715905295050 + }, + { + "from": 1715905295050, + "to": 1715906159050 + }, + { + "from": 1715906159050, + "to": 1715907023050 + }, + { + "from": 1715907023050, + "to": 1715907887050 + }, + { + "from": 1715907887050, + "to": 1715908751050 + }, + { + "from": 1715908751050, + "to": 1715909615050 + }, + { + "from": 1715909615050, + "to": 1715910479050 + }, + { + "from": 1715910479050, + "to": 1715911343050 + }, + { + "from": 1715911343050, + "to": 1715912207050 + }, + { + "from": 1715912207050, + "to": 1715913071050 + }, + { + "from": 1715913071050, + "to": 1715913935050 + }, + { + "from": 1715913935050, + "to": 1715914799050 + }, + { + "from": 1715914799050, + "to": 1715915663050 + }, + { + "from": 1715915663050, + "to": 1715916527050 + }, + { + "from": 1715916527050, + "to": 1715917391050 + }, + { + "from": 1715917391050, + "to": 1715918255050 + }, + { + "from": 1715918255050, + "to": 1715919119050 + }, + { + "from": 1715919119050, + "to": 1715919983050 + }, + { + "from": 1715919983050, + "to": 1715920847050 + }, + { + "from": 1715920847050, + "to": 1715921711050 + }, + { + "from": 1715921711050, + "to": 1715922575050 + }, + { + "from": 1715922575050, + "to": 1715923439050 + }, + { + "from": 1715923439050, + "to": 1715924303050 + }, + { + "from": 1715924303050, + "to": 1715925167050 + }, + { + "from": 1715925167050, + "to": 1715926031050 + }, + { + "from": 1715926031050, + "to": 1715926895050 + }, + { + "from": 1715926895050, + "to": 1715927759050 + }, + { + "from": 1715927759050, + "to": 1715928623050 + }, + { + "from": 1715928623050, + "to": 1715929487050 + }, + { + "from": 1715929487050, + "to": 1715930351050 + }, + { + "from": 1715930351050, + "to": 1715931215050 + }, + { + "from": 1715931215050, + "to": 1715932079050 + }, + { + "from": 1715932079050, + "to": 1715932943050 + }, + { + "from": 1715932943050, + "to": 1715933807050 + }, + { + "from": 1715933807050, + "to": 1715934671050 + }, + { + "from": 1715934671050, + "to": 1715935535050 + }, + { + "from": 1715935535050, + "to": 1715936399050 + }, + { + "from": 1715936399050, + "to": 1715937263050 + }, + { + "from": 1715937263050, + "to": 1715938127050 + }, + { + "from": 1715938127050, + "to": 1715938991050 + }, + { + "from": 1715938991050, + "to": 1715939855050 + }, + { + "from": 1715939855050, + "to": 1715940719050 + }, + { + "from": 1715940719050, + "to": 1715941583050 + }, + { + "from": 1715941583050, + "to": 1715942447050 + }, + { + "from": 1715942447050, + "to": 1715943311050 + }, + { + "from": 1715943311050, + "to": 1715944175050 + }, + { + "from": 1715944175050, + "to": 1715945039050 + }, + { + "from": 1715945039050, + "to": 1715945903050 + } + ] + } + } + }, + "query": { + "bool": { + "filter": [ + { + "bool": { + "filter": [], + "must": [], + "must_not": [], + "should": [] + } + }, + { + "range": { + "@timestamp": { + "format": "epoch_millis", + "gte": 1715859503050, + "lte": 1715945903050 + } + } + } + ] + } + }, + "runtime_mappings": {}, + "size": 0, + "track_total_hits": false +} + +### + +POST http://localhost:8080/logs-*/_async_search?batched_reduce_size=64&ccs_minimize_roundtrips=true&wait_for_completion_timeout=200ms&keep_on_completion=false&keep_alive=60000ms&ignore_unavailable=true&allow_no_indices=true +user-agent: Kibana/8.11.1 +x-elastic-product-origin: kibana +x-opaque-id: de071f93-5a71-4644-a122-9f1f88ab41bf;kibana:application:logs:;application:logs: +x-elastic-client-meta: es=8.9.1p,js=18.18.2,t=8.3.3,hc=18.18.2 +content-type: application/vnd.elasticsearch+json; compatible-with=8 +accept: application/vnd.elasticsearch+json; compatible-with=8 +content-length: 51 +traceparent: 00-0ea1221af11a024ffe805378e6576ba7-81c5e296772728cf-00 +tracestate: es=s:0 +Host: localhost:8080 +Connection: keep-alive + +{ + "size": 0, + "terminate_after": 1, + "track_total_hits": 1 +}