Hi all,
I have a question about an ELK query. I use the DSL to query client IP and traffic, but the total summed traffic comes back in the default format (bytes). How can I calculate and convert it to gigabytes? If anyone can help me, thanks a lot.
Hi @yangcaixing
There are a couple of ways to solve this. The simple way would be to convert your threshold to bytes (i.e. 1GB = 1073741824 bytes, source https://whatsabyte.com/P1/byteconverter.htm) and use this as the condition.
Another approach would be to do this calculation as part of your query; you can use script_field to do this calculation.
Hi @mihirsoni,
I tried to use script_fields in the query as below, but it doesn't work. I don't know if the script location is right or not; could you help check this? Thanks very much.
```json
"aggregations": {
  "client_host": {
    "terms": {
      "field": "flow.client_hostname",
      "size": 10,
      "min_doc_count": 1,
      "shard_min_doc_count": 0,
      "show_term_doc_count_error": false,
      "order": [
        { "total_bytes": "desc" },
        { "_count": "desc" },
        { "_key": "asc" }
      ]
    },
    "aggregations": {
      "total_bytes": {
        "sum": {
          "field": "flow.bytes"
        },
        "script_fields": {
          "test": {
            "script": {
              "lang": "painless",
              "source": "doc['flow.bytes'].value / 1024 / 1024 / 1024"
            }
          }
        }
      },
      "bytes_bucket_filter": {
        "bucket_selector": {
          "buckets_path": {
            "totalBytes": "total_bytes"
          },
          "script": {
            "source": "params.totalBytes > 1",
            "lang": "painless"
          },
          "gap_policy": "skip"
        }
      }
    }
  }
}
```
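The following is an added example, not code from the thread or from Elastic: it builds the same per-client aggregation in Python, but does the byte-to-GiB conversion with a `bucket_script` pipeline aggregation rather than `script_fields` (`script_fields` is a top-level search option computed per hit, so it has no effect inside an aggregation), and it pushes the threshold into the `bucket_selector` in bytes, as suggested above. Dividing a `long` by integer literals in Painless truncates, which is why a `/1024/1024/1024` script returns 0 for anything under 1 GiB; the bucket script here divides by a float literal. The field names `flow.client_hostname` and `flow.bytes` are taken from the question; the sample response and the function and variable names are assumptions made for the example.

```python
# Added example (not from the thread): per-client traffic aggregation with
# the GiB conversion done server-side, plus display-side post-processing.
# Field names come from the question; SAMPLE_RESPONSE is constructed, not
# captured from a cluster.
import json

KIB = 1024
MIB = 1024 ** 2
GIB = 1024 ** 3  # 1073741824 bytes


def traffic_by_client_agg(threshold_gib=1.0, size=10):
    """Return a _search body: per-client byte sums, a GiB value per bucket,
    and a bucket_selector that drops clients under threshold_gib."""
    return {
        "size": 0,  # only aggregation results are wanted, no hits
        "aggs": {
            "client_host": {
                "terms": {
                    "field": "flow.client_hostname",
                    "size": size,
                    "order": [{"total_bytes": "desc"}],
                },
                "aggs": {
                    "total_bytes": {"sum": {"field": "flow.bytes"}},
                    # bucket_script runs once per terms bucket on the sum;
                    # the float literal forces floating-point division.
                    "total_gib": {
                        "bucket_script": {
                            "buckets_path": {"b": "total_bytes"},
                            "script": {
                                "lang": "painless",
                                "source": "params.b / 1073741824.0",
                            },
                        }
                    },
                    # Threshold compared in bytes, passed as a script param
                    # so the script source stays constant across thresholds.
                    "over_threshold": {
                        "bucket_selector": {
                            "buckets_path": {"b": "total_bytes"},
                            "script": {
                                "lang": "painless",
                                "source": "params.b > params.threshold",
                                "params": {"threshold": int(threshold_gib * GIB)},
                            },
                            "gap_policy": "skip",
                        }
                    },
                },
            }
        },
    }


def painless_long_division_gib(n_bytes):
    """Mirror doc['flow.bytes'].value / 1024 / 1024 / 1024 for a long field:
    each step is integer division, so anything below 1 GiB becomes 0."""
    return n_bytes // KIB // KIB // KIB


def humanize_bytes(n):
    """Render a byte count in the largest binary unit that is >= 1."""
    for unit, scale in (("GiB", GIB), ("MiB", MIB), ("KiB", KIB)):
        if n >= scale:
            return f"{n / scale:.2f} {unit}"
    return f"{n} B"


def summarize(response):
    """Return (host, bytes, gib, human) per bucket from a search response."""
    rows = []
    for b in response["aggregations"]["client_host"]["buckets"]:
        total = int(b["total_bytes"]["value"])
        gib = round(b["total_gib"]["value"], 3)  # value the bucket_script produced
        rows.append((b["key"], total, gib, humanize_bytes(total)))
    return rows


# Constructed response: only buckets that passed the bucket_selector remain.
SAMPLE_RESPONSE = {
    "aggregations": {
        "client_host": {
            "buckets": [
                {"key": "10.0.0.5", "doc_count": 1200,
                 "total_bytes": {"value": 3221225472.0}, "total_gib": {"value": 3.0}},
                {"key": "10.0.0.9", "doc_count": 42,
                 "total_bytes": {"value": 1610612736.0}, "total_gib": {"value": 1.5}},
            ]
        }
    }
}

if __name__ == "__main__":
    print(json.dumps(traffic_by_client_agg(threshold_gib=1.0), indent=2))
    for host, total, gib, human in summarize(SAMPLE_RESPONSE):
        print(f"{host:<12} {total:>12} B  {gib:>6} GiB  ({human})")
```

The dict from `traffic_by_client_agg` is the body for `POST /<index>/_search`; each surviving bucket carries both `total_bytes.value` and the converted `total_gib.value`, and `humanize_bytes` picks MiB or KiB for clients that never reach a full gibibyte.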
Hi @mihirsoni,
I used the script below to calculate, but it seems wrong: the value always equals 0. Would you please help have a look? Thanks a lot.
Hi @mihirsoni
I have solved the case. Thanks so much for the support from the beginning; it was a great help in achieving my goals. I hope you are well.
Hi @yangcaixing, I hope you are doing fine. I am facing the same issue: I retrieve the sum in bytes and want to show the value in GBs or MBs. Could you please help with this?