Hi all!
In the search box I wrote:
source="AzureQueueToServiceBusRouter and Portal events" (FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage) | stats count by IpAddress | SEARCH count >5
In response, I get a table with statistics on the ip.
But, I need to perform all of these actions through the API to receive an answer in the form of JSON or XML.
I can start job for search:
curl.exe https:/127.0.0.1:8089/services/search/jobs -d search="search FormSignInFailedMessage OR SignInSuccessfulMessage OR FormSignInSuccessfulMessage OR SignInFailedMessage" -d "earliest_time=-15m" -d "latest=rt"
but how to perform stats count by IpAddress | SEARCH count >5 I don't now.
... View more