Retrieve a Daily Report of Infected Users

Overview

You can use the REST API to retrieve a daily report of infected users.

Prerequisites

  • Fraud Protection Service (FPS) logging nodes must be configured on the BIG-IQ.

Query the BIG-IQ API

The size=0 in the URL query suppresses the individual hits so that only the aggregations are returned. The value of size in the group_by_user terms aggregation is the number of users that you want per day in the response; if size is omitted, the default is 10 users. The value of precision_threshold specifies the count below which the distinct_users cardinality count is expected to be close to accurate.

To query for a report, you can send a POST request to the BIG-IQ API.

POST /mgmt/cm/shared/es/logiq/websafe/alert/_search/?size=0 HTTP/1.1
Host: [host_IP]
Authorization: Basic [basic_authorization]
Cache-Control: no-cache

The JSON in the body of the request can look similar to the following.

{
  "aggs": {
    "users_over_time": {
      "date_histogram": {
        "field": "eventConversionDateTime",
        "interval": "day",
        "format": "MMM, dd yyyy"
      },
      "aggs": {
        "group_by_user": {
          "terms": {
            "field": "username",
            "size": 50
          }
        },
        "distinct_users": {
          "cardinality": {
            "field": "username",
            "precision_threshold": 100
          }
        }
      }
    }
  }
}

The JSON returned in the body of a successful response may look similar to the following example. The value of distinct_users is the number of users for the day.

{
  "took": 17,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 128,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "users_over_time": {
      "buckets": [
        {
          "key_as_string": "Jun, 21 2017",
          "key": 1498003200000,
          "doc_count": 12,
          "distinct_users": {
            "value": 2
          },
          "group_by_user": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "test",
                "doc_count": 11
              },
              {
                "key": "Unknown",
                "doc_count": 1
              }
            ]
          }
        },
        {
          "key_as_string": "Jun, 22 2017",
          "key": 1498089600000,
          "doc_count": 4,
          "distinct_users": {
            "value": 1
          },
          "group_by_user": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "test",
                "doc_count": 4
              }
            ]
          }
        }
      ]
    }
  }
}
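As an added example that is not part of the BIG-IQ documentation, the following Python script builds the request body shown above, sends the POST with Basic authentication, and reduces the response to one row per day (distinct users, per-user event counts, and whether the top-N user list was truncated). The host and credentials are placeholders, and the embedded sample response is constructed from the example response above.

```python
import base64
import json
import urllib.request

# Constructed sample, reduced from the page's example response to the fields the summary uses.
SAMPLE_RESPONSE = {"aggregations": {"users_over_time": {"buckets": [
    {"key_as_string": "Jun, 21 2017", "doc_count": 12,
     "distinct_users": {"value": 2},
     "group_by_user": {"sum_other_doc_count": 0, "buckets": [
         {"key": "test", "doc_count": 11}, {"key": "Unknown", "doc_count": 1}]}},
    {"key_as_string": "Jun, 22 2017", "doc_count": 4,
     "distinct_users": {"value": 1},
     "group_by_user": {"sum_other_doc_count": 0, "buckets": [
         {"key": "test", "doc_count": 4}]}},
]}}}

def build_report_body(top_users=50, precision_threshold=100):
    # Same aggregation as the page: per-day histogram, top users, distinct-user count.
    return {"aggs": {"users_over_time": {
        "date_histogram": {"field": "eventConversionDateTime",
                           "interval": "day", "format": "MMM, dd yyyy"},
        "aggs": {
            "group_by_user": {"terms": {"field": "username", "size": top_users}},
            "distinct_users": {"cardinality": {
                "field": "username", "precision_threshold": precision_threshold}},
        }}}}

def summarize_report(response):
    # One row per day; sum_other_doc_count > 0 means users fell outside the top-N list.
    rows = []
    for day in response["aggregations"]["users_over_time"]["buckets"]:
        by_user = day["group_by_user"]
        rows.append({
            "day": day["key_as_string"],
            "events": day["doc_count"],
            "distinct_users": day["distinct_users"]["value"],
            "users": {b["key"]: b["doc_count"] for b in by_user["buckets"]},
            "truncated": by_user["sum_other_doc_count"] > 0,
        })
    return rows

def fetch_report(host, user, password, body):
    # The POST from the page; host and credentials are placeholders (assumption).
    url = f"https://{host}/mgmt/cm/shared/es/logiq/websafe/alert/_search/?size=0"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Authorization": f"Basic {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
```

Call summarize_report(fetch_report(host, user, password, build_report_body())) against a live BIG-IQ; the truncated flag tells you when to raise the terms size.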