Elasticsearch Example Queries
Create Index
สร้าง index ใหม่ ชื่อว่า myIndex
PUT /myIndex
{ "settings": { "number_of_shards": 1 }}
insert ข้อมูลใน index โดยใช้ API
POST /myIndex
{
"field": "value",
"id": 1,
"name": "myName"
}
Query Data
_search
GET
http://elasticsearch_ip:port/_search
เรียกข้อมูลทั้งหมดใน Elasticsearch (ไม่ระบุ index ใน URL จึงค้นจากทุก index)
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 977265,
"max_score": 1.0,
"hits": [
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "FRo-em8BizBI-jLGQ-3Y",
"_score": 1.0,
"_source": {
"dev_id": "FG100D3G16805066",
"os_name": "Windows",
"vd": "root",
"appcat": "Network.Service",
"appid": "41540",
"tz": "+0700",
"countapp": "2",
"mastersrcmac": "d8:cb:8a:7e:59:64",
"srcswversion": "10",
"eventtime": "1578303898691079786",
"_raw": "date=2020-01-06 time=16:44:57 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" eventtime=1578303898691079786 tz=\"+0700\" srcip=192.168.1.9 srcname=\"Mario\" srcport=51008 srcintf=\"lan\" srcintfrole=\"lan\" dstip=13.250.127.74 dstport=8002 dstintf=\"wan1\" dstintfrole=\"undefined\" poluuid=\"248b4be2-5d4a-51e7-33b6-0067c863e839\" sessionid=1198303 proto=6 action=\"client-rst\" user=\"Mario\" group=\"Users\" policyid=17 policytype=\"policy\" service=\"tcp/8002\" dstcountry=\"Singapore\" srccountry=\"Reserved\" trandisp=\"snat\" transip=182.52.224.121 transport=51008 appid=41540 app=\"SSL_TLSv1.2\" appcat=\"Network.Service\" apprisk=\"medium\" applist=\"default\" duration=21 sentbyte=7479 rcvdbyte=4594 sentpkt=18 utmaction=\"allow\" countapp=2 osname=\"Windows\" srcswversion=\"10\" mastersrcmac=\"d8:cb:8a:7e:59:64\" srcmac=\"d8:cb:8a:7e:59:64\" srcserver=0",
"src_interface_role": "lan",
"geoip": {
"timezone": "Asia/Singapore",
"region_name": "Central Singapore Community Development Council",
"latitude": 1.2854999999999999,
"region_code": "01",
"location": {
"lon": 103.8565,
"lat": 1.2854999999999999
},
"city_name": "Singapore",
"country_code3": "SG",
"ip": "13.250.127.74",
"country_code2": "SG",
"continent_code": "AS",
"longitude": 103.8565,
"country_name": "Singapore"
},
"syslog5424_pri": "133",
"time": "16:44:57",
"src_port": "51008",
"level": "notice",
"apprisk": "medium",
"dest_interface": "wan1",
"src_mac": "d8:cb:8a:7e:59:64",
"dest_country": "Singapore",
"dev_name": "ragnar-gw",
"src_server": "0",
"service": "tcp/8002",
"utmaction": "allow",
"group": "Users",
"duration": "21",
"src_hostname": "Mario",
"logid": "0000000013",
"policy_id": "17",
"bytes_out": 7479,
"src_interface": "lan",
"date": "2020-01-06",
"src_country": "Reserved",
"action": "client-rst",
"_time": "2020-01-06 16:44:57",
"dest_ip": "13.250.127.74",
"@version": "1",
"sessionid": "1198303",
"app": "SSL_TLSv1.2",
"@timestamp": "2020-01-06T09:44:57.000Z",
"dstintfrole": "undefined",
"transip": "182.52.224.121",
"bytes_in": 4594,
"type": "traffic",
"policytype": "policy",
"user": "Mario",
"host": "10.255.0.2",
"src_ip": "192.168.1.9",
"dest_port": "8002",
"applist": "default",
"protocol": "6",
"trandisp": "snat",
"subtype": "forward",
"transport": "51008",
"poluuid": "248b4be2-5d4a-51e7-33b6-0067c863e839",
"out_pkt": "18"
}
},
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "Nho-em8BizBI-jLGYO3g",
"_score": 1.0,
"_source": {
"in_pkt": "247",
"dev_id": "FG100D3G16805066",
"os_name": "Windows",
"vd": "root",
"appcat": "Business",
"appid": "17466",
"tz": "+0700",
"mastersrcmac": "d8:cb:8a:7e:59:64",
"srcswversion": "10",
"eventtime": "1578303906123288513",
"_raw": "date=2020-01-06 time=16:45:05 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"0000000020\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" eventtime=1578303906123288513 tz=\"+0700\" srcip=192.168.1.9 srcname=\"Mario\" srcport=63535 srcintf=\"lan\" srcintfrole=\"lan\" dstip=8.39.55.197 dstport=443 dstintf=\"wan1\" dstintfrole=\"undefined\" poluuid=\"248b4be2-5d4a-51e7-33b6-0067c863e839\" sessionid=1175919 proto=6 action=\"accept\" user=\"Mario\" group=\"Users\" policyid=17 policytype=\"policy\" service=\"HTTPS\" dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=\"snat\" transip=182.52.224.121 transport=63535 appid=17466 app=\"Zoho\" appcat=\"Business\" apprisk=\"elevated\" applist=\"default\" duration=3344 sentbyte=19837 rcvdbyte=17586 sentpkt=244 rcvdpkt=247 sentdelta=658 rcvddelta=484 osname=\"Windows\" srcswversion=\"10\" mastersrcmac=\"d8:cb:8a:7e:59:64\" srcmac=\"d8:cb:8a:7e:59:64\" srcserver=0",
"src_interface_role": "lan",
"geoip": {
"longitude": -97.822,
"location": {
"lon": -97.822,
"lat": 37.751
},
"country_code3": "US",
"ip": "8.39.55.197",
"country_code2": "US",
"latitude": 37.751,
"continent_code": "NA",
"country_name": "United States"
},
"syslog5424_pri": "133",
"time": "16:45:05",
"src_port": "63535",
"level": "notice",
"apprisk": "elevated",
"dest_interface": "wan1",
"sentdelta": "658",
"src_mac": "d8:cb:8a:7e:59:64",
"dest_country": "United States",
"dev_name": "ragnar-gw",
"src_server": "0",
"service": "HTTPS",
"group": "Users",
"duration": "3344",
"src_hostname": "Mario",
"logid": "0000000020",
"policy_id": "17",
"bytes_out": 19837,
"src_interface": "lan",
"date": "2020-01-06",
"src_country": "Reserved",
"action": "accept",
"_time": "2020-01-06 16:45:05",
"dest_ip": "8.39.55.197",
"rcvddelta": "484",
"@version": "1",
"sessionid": "1175919",
"app": "Zoho",
"@timestamp": "2020-01-06T09:45:05.000Z",
"dstintfrole": "undefined",
"transip": "182.52.224.121",
"bytes_in": 17586,
"type": "traffic",
"policytype": "policy",
"user": "Mario",
"host": "10.255.0.2",
"src_ip": "192.168.1.9",
"dest_port": "443",
"applist": "default",
"protocol": "6",
"trandisp": "snat",
"subtype": "forward",
"transport": "63535",
"poluuid": "248b4be2-5d4a-51e7-33b6-0067c863e839",
"out_pkt": "244"
}
},
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "XBo-em8BizBI-jLGiO37",
"_score": 1.0,
"_source": {
"dev_type": "Computer",
"dev_id": "FG100D3G16805066",
"os_name": "macOS",
"vd": "root",
"appcat": "unscanned",
"tz": "+0700",
"srcfamily": "MacBookPro",
"srcswversion": "10.14.6",
"mastersrcmac": "00:e0:4c:68:00:49",
"eventtime": "1578303916391074626",
"_raw": "date=2020-01-06 time=16:45:15 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"0001000014\" type=\"traffic\" subtype=\"local\" level=\"notice\" vd=\"root\" eventtime=1578303916391074626 tz=\"+0700\" srcip=192.168.1.109 srcname=\"LifeOfPrimesMBP\" srcport=54345 srcintf=\"lan\" srcintfrole=\"lan\" dstip=192.168.1.2 dstport=8013 dstintf=\"root\" dstintfrole=\"undefined\" sessionid=1198519 proto=6 action=\"deny\" policyid=0 policytype=\"local-in-policy\" service=\"tcp/8013\" dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=\"noop\" app=\"Endpoint Control Registration\" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=\"low\" srchwvendor=\"Apple\" devtype=\"Computer\" srcfamily=\"MacBookPro\" osname=\"macOS\" srcswversion=\"10.14.6\" mastersrcmac=\"00:e0:4c:68:00:49\" srcmac=\"00:e0:4c:68:00:49\" srcserver=0",
"src_interface_role": "lan",
"crlevel": "low",
"geoip": {
},
"syslog5424_pri": "133",
"time": "16:45:15",
"src_port": "54345",
"level": "notice",
"dest_interface": "root",
"src_mac": "00:e0:4c:68:00:49",
"dest_country": "Reserved",
"dev_name": "ragnar-gw",
"src_server": "0",
"service": "tcp/8013",
"crscore": "5",
"duration": "0",
"src_hostname": "LifeOfPrimesMBP",
"logid": "0001000014",
"policy_id": "0",
"bytes_out": 0,
"src_interface": "lan",
"date": "2020-01-06",
"src_country": "Reserved",
"action": "deny",
"_time": "2020-01-06 16:45:15",
"srchwvendor": "Apple",
"dest_ip": "192.168.1.2",
"@version": "1",
"sessionid": "1198519",
"app": "Endpoint Control Registration",
"tags": [
"_geoip_lookup_failure"
],
"craction": "262144",
"@timestamp": "2020-01-06T09:45:15.000Z",
"dstintfrole": "undefined",
"bytes_in": 0,
"type": "traffic",
"policytype": "local-in-policy",
"host": "10.255.0.2",
"src_ip": "192.168.1.109",
"dest_port": "8013",
"protocol": "6",
"trandisp": "noop",
"subtype": "local",
"out_pkt": "0"
}
}
]
}
}
_search?size=1
GET
http://elasticsearch_ip:port/_search?size=1
เรียกข้อมูลทั้งหมดใน Elasticsearch โดยโชว์แค่ 1 record
Query Parameters
Name | Type | Description |
---|---|---|
size | number | จำนวนข้อมูลที่ต้องการดู เช่น 100 |
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 984933,
"max_score": 1.0,
"hits": [
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "FRo-em8BizBI-jLGQ-3Y",
"_score": 1.0,
"_source": {
"dev_id": "FG100D3G16805066",
"os_name": "Windows",
"vd": "root",
"appcat": "Network.Service",
"appid": "41540",
"tz": "+0700",
"countapp": "2",
"mastersrcmac": "d8:cb:8a:7e:59:64",
"srcswversion": "10",
"eventtime": "1578303898691079786",
"_raw": "date=2020-01-06 time=16:44:57 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" eventtime=1578303898691079786 tz=\"+0700\" srcip=192.168.1.9 srcname=\"Mario\" srcport=51008 srcintf=\"lan\" srcintfrole=\"lan\" dstip=13.250.127.74 dstport=8002 dstintf=\"wan1\" dstintfrole=\"undefined\" poluuid=\"248b4be2-5d4a-51e7-33b6-0067c863e839\" sessionid=1198303 proto=6 action=\"client-rst\" user=\"Mario\" group=\"Users\" policyid=17 policytype=\"policy\" service=\"tcp/8002\" dstcountry=\"Singapore\" srccountry=\"Reserved\" trandisp=\"snat\" transip=182.52.224.121 transport=51008 appid=41540 app=\"SSL_TLSv1.2\" appcat=\"Network.Service\" apprisk=\"medium\" applist=\"default\" duration=21 sentbyte=7479 rcvdbyte=4594 sentpkt=18 utmaction=\"allow\" countapp=2 osname=\"Windows\" srcswversion=\"10\" mastersrcmac=\"d8:cb:8a:7e:59:64\" srcmac=\"d8:cb:8a:7e:59:64\" srcserver=0",
"src_interface_role": "lan",
"geoip": {
"timezone": "Asia/Singapore",
"region_name": "Central Singapore Community Development Council",
"latitude": 1.2854999999999999,
"region_code": "01",
"location": {
"lon": 103.8565,
"lat": 1.2854999999999999
},
"city_name": "Singapore",
"country_code3": "SG",
"ip": "13.250.127.74",
"country_code2": "SG",
"continent_code": "AS",
"longitude": 103.8565,
"country_name": "Singapore"
},
"syslog5424_pri": "133",
"time": "16:44:57",
"src_port": "51008",
"level": "notice",
"apprisk": "medium",
"dest_interface": "wan1",
"src_mac": "d8:cb:8a:7e:59:64",
"dest_country": "Singapore",
"dev_name": "ragnar-gw",
"src_server": "0",
"service": "tcp/8002",
"utmaction": "allow",
"group": "Users",
"duration": "21",
"src_hostname": "Mario",
"logid": "0000000013",
"policy_id": "17",
"bytes_out": 7479,
"src_interface": "lan",
"date": "2020-01-06",
"src_country": "Reserved",
"action": "client-rst",
"_time": "2020-01-06 16:44:57",
"dest_ip": "13.250.127.74",
"@version": "1",
"sessionid": "1198303",
"app": "SSL_TLSv1.2",
"@timestamp": "2020-01-06T09:44:57.000Z",
"dstintfrole": "undefined",
"transip": "182.52.224.121",
"bytes_in": 4594,
"type": "traffic",
"policytype": "policy",
"user": "Mario",
"host": "10.255.0.2",
"src_ip": "192.168.1.9",
"dest_port": "8002",
"applist": "default",
"protocol": "6",
"trandisp": "snat",
"subtype": "forward",
"transport": "51008",
"poluuid": "248b4be2-5d4a-51e7-33b6-0067c863e839",
"out_pkt": "18"
}
}
]
}
}
_search?q=keyword
GET
http://elasticsearch_ip:port/_search?q=keyword
ค้นหาข้อมูลในทุก field ที่มีคำว่า "keyword"
Query Parameters
Name | Type | Description |
---|---|---|
keyword | string | ข้อความที่ต้องการค้นหา เช่น good หรือ money |
{
"took": 161,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1755,
"max_score": 6.531287,
"hits": [
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "LRrSeW8BizBI-jLGvxYE",
"_score": 6.531287,
"_source": {
"dev_id": "FG100D3G16805066",
"vd": "root",
"appcat": "Network.Service",
"appid": "41540",
"tz": "+0700",
"scertcname": "*.ilog.ai",
"msg": "Network.Service: SSL_TLSv1.2,",
"eventtime": "1578296852340734919",
"_raw": "date=2020-01-06 time=14:47:32 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"1059028704\" type=\"utm\" subtype=\"app-ctrl\" eventtype=\"signature\" level=\"information\" vd=\"root\" eventtime=1578296852340734919 tz=\"+0700\" appid=41540 user=\"Mario\" group=\"Users\" srcip=192.168.1.9 dstip=13.250.127.74 srcport=59720 dstport=8002 srcintf=\"lan\" srcintfrole=\"lan\" dstintf=\"wan1\" dstintfrole=\"undefined\" proto=6 service=\"SSL\" direction=\"incoming\" policyid=17 sessionid=1148698 applist=\"default\" action=\"pass\" appcat=\"Network.Service\" app=\"SSL_TLSv1.2\" hostname=\"demo.ilog.ai\" incidentserialno=2139183885 url=\"/\" msg=\"Network.Service: SSL_TLSv1.2,\" scertcname=\"*.ilog.ai\"",
"src_interface_role": "lan",
"geoip": {
"timezone": "Asia/Singapore",
"region_name": "Central Singapore Community Development Council",
"latitude": 1.2854999999999999,
"region_code": "01",
"location": {
"lon": 103.8565,
"lat": 1.2854999999999999
},
"city_name": "Singapore",
"country_code3": "SG",
"ip": "13.250.127.74",
"country_code2": "SG",
"continent_code": "AS",
"longitude": 103.8565,
"country_name": "Singapore"
},
"syslog5424_pri": "134",
"time": "14:47:32",
"src_port": "59720",
"level": "information",
"dest_interface": "wan1",
"dev_name": "ragnar-gw",
"service": "SSL",
"eventtype": "signature",
"group": "Users",
"logid": "1059028704",
"policy_id": "17",
"src_interface": "lan",
"date": "2020-01-06",
"action": "pass",
"_time": "2020-01-06 14:47:32",
"dest_ip": "13.250.127.74",
"@version": "1",
"sessionid": "1148698",
"app": "SSL_TLSv1.2",
"direction": "incoming",
"@timestamp": "2020-01-06T07:47:32.000Z",
"dstintfrole": "undefined",
"url": "/",
"type": "utm",
"user": "Mario",
"host": "10.255.0.2",
"hostname": "demo.ilog.ai",
"incidentserialno": "2139183885",
"src_ip": "192.168.1.9",
"dest_port": "8002",
"applist": "default",
"protocol": "6",
"subtype": "app-ctrl"
}
},
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "MRrSeW8BizBI-jLGvxYY",
"_score": 6.531287,
"_source": {
"dev_id": "FG100D3G16805066",
"vd": "root",
"appcat": "Network.Service",
"appid": "15895",
"tz": "+0700",
"scertcname": "*.ilog.ai",
"msg": "Network.Service: SSL,",
"eventtime": "1578296852359827987",
"_raw": "date=2020-01-06 time=14:47:32 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"1059028704\" type=\"utm\" subtype=\"app-ctrl\" eventtype=\"signature\" level=\"information\" vd=\"root\" eventtime=1578296852359827987 tz=\"+0700\" appid=15895 user=\"Mario\" group=\"Users\" srcip=192.168.1.9 dstip=13.250.127.74 srcport=59718 dstport=8002 srcintf=\"lan\" srcintfrole=\"lan\" dstintf=\"wan1\" dstintfrole=\"undefined\" proto=6 service=\"SSL\" direction=\"outgoing\" policyid=17 sessionid=1148696 applist=\"default\" action=\"pass\" appcat=\"Network.Service\" app=\"SSL\" hostname=\"demo.ilog.ai\" incidentserialno=1975374268 url=\"/\" msg=\"Network.Service: SSL,\" scertcname=\"*.ilog.ai\"",
"src_interface_role": "lan",
"geoip": {
"timezone": "Asia/Singapore",
"region_name": "Central Singapore Community Development Council",
"latitude": 1.2854999999999999,
"region_code": "01",
"location": {
"lon": 103.8565,
"lat": 1.2854999999999999
},
"city_name": "Singapore",
"country_code3": "SG",
"ip": "13.250.127.74",
"country_code2": "SG",
"continent_code": "AS",
"longitude": 103.8565,
"country_name": "Singapore"
},
"syslog5424_pri": "134",
"time": "14:47:32",
"src_port": "59718",
"level": "information",
"dest_interface": "wan1",
"dev_name": "ragnar-gw",
"service": "SSL",
"eventtype": "signature",
"group": "Users",
"logid": "1059028704",
"policy_id": "17",
"src_interface": "lan",
"date": "2020-01-06",
"action": "pass",
"_time": "2020-01-06 14:47:32",
"dest_ip": "13.250.127.74",
"@version": "1",
"sessionid": "1148696",
"app": "SSL",
"direction": "outgoing",
"@timestamp": "2020-01-06T07:47:32.000Z",
"dstintfrole": "undefined",
"url": "/",
"type": "utm",
"user": "Mario",
"host": "10.255.0.2",
"hostname": "demo.ilog.ai",
"incidentserialno": "1975374268",
"src_ip": "192.168.1.9",
"dest_port": "8002",
"applist": "default",
"protocol": "6",
"subtype": "app-ctrl"
}
}
]
}
}
_search?q=field:keyword
GET
http://elasticsearch_ip:port/_search?q=field:keyword
ค้นหาข้อมูลใน "field" ที่มีคำว่า "keyword"
Query Parameters
Name | Type | Description |
---|---|---|
field | string | ชื่อ field ของข้อมูลที่ต้องการค้นหา (ตรงตามตัวพิมพ์เล็ก-ใหญ่) เช่น action หรือ src_ip |
keyword | string | ข้อความที่ต้องการค้นหาใน field ด้านบน เช่น accept หรือ 192.168.0.1 |
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 984933,
"max_score": 1.0,
"hits": [
{
"_index": "fortigate-2020.01",
"_type": "doc",
"_id": "FRo-em8BizBI-jLGQ-3Y",
"_score": 1.0,
"_source": {
"dev_id": "FG100D3G16805066",
"os_name": "Windows",
"vd": "root",
"appcat": "Network.Service",
"appid": "41540",
"tz": "+0700",
"countapp": "2",
"mastersrcmac": "d8:cb:8a:7e:59:64",
"srcswversion": "10",
"eventtime": "1578303898691079786",
"_raw": "date=2020-01-06 time=16:44:57 devname=\"ragnar-gw\" devid=\"FG100D3G16805066\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" eventtime=1578303898691079786 tz=\"+0700\" srcip=192.168.1.9 srcname=\"Mario\" srcport=51008 srcintf=\"lan\" srcintfrole=\"lan\" dstip=13.250.127.74 dstport=8002 dstintf=\"wan1\" dstintfrole=\"undefined\" poluuid=\"248b4be2-5d4a-51e7-33b6-0067c863e839\" sessionid=1198303 proto=6 action=\"client-rst\" user=\"Mario\" group=\"Users\" policyid=17 policytype=\"policy\" service=\"tcp/8002\" dstcountry=\"Singapore\" srccountry=\"Reserved\" trandisp=\"snat\" transip=182.52.224.121 transport=51008 appid=41540 app=\"SSL_TLSv1.2\" appcat=\"Network.Service\" apprisk=\"medium\" applist=\"default\" duration=21 sentbyte=7479 rcvdbyte=4594 sentpkt=18 utmaction=\"allow\" countapp=2 osname=\"Windows\" srcswversion=\"10\" mastersrcmac=\"d8:cb:8a:7e:59:64\" srcmac=\"d8:cb:8a:7e:59:64\" srcserver=0",
"src_interface_role": "lan",
"geoip": {
"timezone": "Asia/Singapore",
"region_name": "Central Singapore Community Development Council",
"latitude": 1.2854999999999999,
"region_code": "01",
"location": {
"lon": 103.8565,
"lat": 1.2854999999999999
},
"city_name": "Singapore",
"country_code3": "SG",
"ip": "13.250.127.74",
"country_code2": "SG",
"continent_code": "AS",
"longitude": 103.8565,
"country_name": "Singapore"
},
"syslog5424_pri": "133",
"time": "16:44:57",
"src_port": "51008",
"level": "notice",
"apprisk": "medium",
"dest_interface": "wan1",
"src_mac": "d8:cb:8a:7e:59:64",
"dest_country": "Singapore",
"dev_name": "ragnar-gw",
"src_server": "0",
"service": "tcp/8002",
"utmaction": "allow",
"group": "Users",
"duration": "21",
"src_hostname": "Mario",
"logid": "0000000013",
"policy_id": "17",
"bytes_out": 7479,
"src_interface": "lan",
"date": "2020-01-06",
"src_country": "Reserved",
"action": "client-rst",
"_time": "2020-01-06 16:44:57",
"dest_ip": "13.250.127.74",
"@version": "1",
"sessionid": "1198303",
"app": "SSL_TLSv1.2",
"@timestamp": "2020-01-06T09:44:57.000Z",
"dstintfrole": "undefined",
"transip": "182.52.224.121",
"bytes_in": 4594,
"type": "traffic",
"policytype": "policy",
"user": "Mario",
"host": "10.255.0.2",
"src_ip": "192.168.1.9",
"dest_port": "8002",
"applist": "default",
"protocol": "6",
"trandisp": "snat",
"subtype": "forward",
"transport": "51008",
"poluuid": "248b4be2-5d4a-51e7-33b6-0067c863e839",
"out_pkt": "18"
}
}
]
}
}