How do I get this stats count search result from t...

Tolstopyz · ‎02-08-2016

Hi all!

In the search box I wrote:

source="AzureQueueToServiceBusRouter and Portal events" (FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage) | stats count by IpAddress | SEARCH count >5

In response, I get a table with statistics on the ip.

But, I need to perform all of these actions through the API to receive an answer in the form of JSON or XML.

I can start job for search:

curl.exe  https:/127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage"  -d "earliest_time=-15m" -d "latest=rt"

but how to perform stats count by IpAddress | SEARCH count >5 I don't now.

lukasz92 · ‎02-08-2016

The same way. I tried to do it with similar query and it works.

Try something like that:

curl.exe https://127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage | stats count by IpAddress | search count>5" -d "earliest_time=-15m" -d "latest=rt"

Tolstopyz · ‎02-08-2016

Unfortunately after such a request through API:

https://127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage | stats count by IpAddress | search count>5" -d "earliest_time=-15m" -d "latest=rt"

I get 0 results

How do I get this stats count search result from the REST API?

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

How do I get this stats count search result from the REST API?

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+