get top 100 src_ip's

2025-04-20 06:02:24 +00:00 · 2020-03-11 13:51:49 +00:00 · 2020-03-11 13:51:49 +00:00 · 5319c548ad
commit 5319c548ad
parent 857190ec20
2 changed files with 28 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,6 @@
 # Changelog

-## 20203010
+## 20200310
 - **Add 2FA to Cockpit**
  - Just run `2fa.sh` to enable two factor authentication in Cockpit.
 - **Find fastest mirror with netselect-apt**
--- a/bin/mytopips.sh
+++ b/bin/mytopips.sh
@ -0,0 +1,27 @@
+#!/bin/bash
+# Make sure ES is available
+myES="http://127.0.0.1:64298/"
+myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
+if ! [ "$myESSTATUS" = "1" ]
+  then
+    echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
+    exit 1
+  else
+    echo "### Elasticsearch is available, now continuing."
+    echo
+fi
+
+function fuMYTOPIPS {
+curl -s -XGET $myES"_search" -H 'Content-Type: application/json' -d'
+{
+  "aggs": {
+    "ips": {
+      "terms": { "field": "src_ip.keyword", "size": 100 }
+    }
+  },
+  "size" : 0
+}'
+}
+
+echo "### Aggregating top 100 source IPs in ES"
+fuMYTOPIPS | jq '.aggregations.ips.buckets[].key' | tr -d '"'