Hi all!
In the search box I wrote:
source="AzureQueueToServiceBusRouter and Portal events" (FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage) | stats count by IpAddress | SEARCH count >5
In response, I get a table with statistics on the IP.
But, I need to perform all of these actions through the API to receive an answer in the form of JSON or XML.
I can start a job for the search:
curl.exe https://127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage" -d "earliest_time=-15m" -d "latest=rt"
but how to perform stats count by IpAddress | SEARCH count >5
I don't know.
The same way. I tried to do it with a similar query and it works.
Try something like that:
curl.exe https://127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage | stats count by IpAddress | search count>5" -d "earliest_time=-15m" -d "latest=rt"
Unfortunately, after such a request through the API:
https://127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage | stats count by IpAddress | search count>5" -d "earliest_time=-15m" -d "latest=rt"
I get 0 results
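
An added example, not code from any poster in this thread: the same search submitted to the Splunk REST endpoint with `exec_mode=oneshot` and `output_mode=json`, so the per-IP counts come back as JSON in the POST response. The `latest_time=now` window, the basic-auth credentials, the CA file and the sample response are assumptions.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

# Management URL and search terms are taken from the thread.
BASE_URL = "https://127.0.0.1:8089"
SPL = ("search FormSignInFailedMessage OR SignInSuccessfulMessage OR "
       "FormSignInSuccessfulMessage OR SignInFailedMessage "
       "| stats count by IpAddress | search count>5")

def build_oneshot_body(spl, earliest="-15m", latest="now"):
    """Form-encode a oneshot search: results are returned by the POST itself."""
    return urllib.parse.urlencode({
        "search": spl,
        "earliest_time": earliest,
        "latest_time": latest,      # assumed window end; the thread used latest=rt
        "exec_mode": "oneshot",
        "output_mode": "json",
    }).encode()

def parse_ip_counts(response_text):
    """Map IpAddress -> count from the JSON 'results' rows (values are strings)."""
    rows = json.loads(response_text).get("results", [])
    return {row["IpAddress"]: int(row["count"]) for row in rows}

def run_search(user, password, ca_file=None):
    """POST the search with basic auth (assumed) and return the parsed counts."""
    req = urllib.request.Request(BASE_URL + "/services/search/jobs",
                                 data=build_oneshot_body(SPL))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    # ca_file should be the CA that signed the server certificate, so TLS is verified.
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return parse_ip_counts(resp.read().decode())

# Constructed sample response (not real data) in the JSON results shape.
SAMPLE = ('{"preview": false, "results": ['
          '{"IpAddress": "192.0.2.10", "count": "9"}, '
          '{"IpAddress": "198.51.100.7", "count": "6"}]}')

if __name__ == "__main__":
    print(parse_ip_counts(SAMPLE))
```
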