Retrieve a Daily Report of Infected Users
Overview
You can use the REST API to retrieve a daily report of infected users.
Prerequisites
- Fraud Protection Service (FPS) logging nodes must be configured on the BIG-IQ.
Query the BIG-IQ API
The value of size in the query is the number of users that you want in the response. If size is not used, the default is 10 users. The value of precision_threshold specifies a count below which counts are expected to be close to accurate.
To query for a report, you can send a POST request to the BIG-IQ API.
POST /mgmt/cm/shared/es/logiq/websafe/alert/_search/?size=0 HTTP/1.1
Host: [host_IP]
Authorization: Basic [basic_authorization]
Cache-Control: no-cache
The JSON in the body of the request can look similar to the following.
{
    "aggs": {
        "users_over_time": {
            "date_histogram": {
                "field": "eventConversionDateTime",
                "interval": "day",
                "format": "MMM, dd yyyy"
            },
            "aggs": {
                "group_by_user": {
                    "terms": {
                        "field": "username",
                        "size": 50
                    }
                },
                "distinct_users": {
                    "cardinality": {
                        "field": "username",
                        "precision_threshold": 100
                    }
                }
            }
        }
    }
}
The JSON returned in the body of a successful response may look similar to the following example. The value of distinct_users is the number of users for the day.
{
    "took": 17,
    "timed_out": false,
    "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
    },
    "hits": {
        "total": 128,
        "max_score": 0,
        "hits": []
    },
    "aggregations": {
        "users_over_time": {
            "buckets": [
                {
                    "key_as_string": "Jun, 21 2017",
                    "key": 1498003200000,
                    "doc_count": 12,
                    "distinct_users": {
                        "value": 2
                    },
                    "group_by_user": {
                        "doc_count_error_upper_bound": 0,
                        "sum_other_doc_count": 0,
                        "buckets": [
                            {
                                "key": "test",
                                "doc_count": 11
                            },
                            {
                                "key": "Unknown",
                                "doc_count": 1
                            }
                        ]
                    }
                },
                {
                    "key_as_string": "Jun, 22 2017",
                    "key": 1498089600000,
                    "doc_count": 4,
                    "distinct_users": {
                        "value": 1
                    },
                    "group_by_user": {
                        "doc_count_error_upper_bound": 0,
                        "sum_other_doc_count": 0,
                        "buckets": [
                            {
                                "key": "test",
                                "doc_count": 4
                            }
                        ]
                    }
                }
            ]
        }
    }
}
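The following added example (not part of the BIG-IQ documentation) flattens a response of the shape shown above into one row per day and flags the two cases where the numbers are incomplete: users cut off by the terms size limit, and distinct-user counts above precision_threshold. The function name daily_report and the row field names are hypothetical, and doc_count is treated as the number of alert records, an assumption based on the alert index in the request path.

```python
import json

# Trimmed copy of the sample response shown above (same values as the page).
SAMPLE = json.loads("""
{"aggregations": {"users_over_time": {"buckets": [
  {"key_as_string": "Jun, 21 2017", "doc_count": 12,
   "distinct_users": {"value": 2},
   "group_by_user": {"sum_other_doc_count": 0, "buckets": [
     {"key": "test", "doc_count": 11}, {"key": "Unknown", "doc_count": 1}]}},
  {"key_as_string": "Jun, 22 2017", "doc_count": 4,
   "distinct_users": {"value": 1},
   "group_by_user": {"sum_other_doc_count": 0, "buckets": [
     {"key": "test", "doc_count": 4}]}}
]}}}
""")


def daily_report(response, precision_threshold=100):
    """Flatten the users_over_time aggregation into one row per day."""
    rows = []
    for day in response["aggregations"]["users_over_time"]["buckets"]:
        by_user = day["group_by_user"]
        users = {b["key"]: b["doc_count"] for b in by_user["buckets"]}
        distinct = day["distinct_users"]["value"]
        rows.append({
            "date": day["key_as_string"],
            "alerts": day["doc_count"],  # assumed: one document per alert
            "distinct_users": distinct,
            "users": users,
            # Documents belonging to users cut off by the terms "size" limit.
            "alerts_not_listed": by_user["sum_other_doc_count"],
            # Cardinality counts above the threshold may be less accurate.
            "distinct_is_approximate": distinct > precision_threshold,
        })
    return rows


if __name__ == "__main__":
    for row in daily_report(SAMPLE):
        note = " (approximate)" if row["distinct_is_approximate"] else ""
        print(f'{row["date"]}: {row["distinct_users"]} users{note}, '
              f'{row["alerts"]} alerts')
        for user, count in sorted(row["users"].items(), key=lambda kv: -kv[1]):
            print(f"    {user}: {count}")
        if row["alerts_not_listed"]:
            print(f'    ... {row["alerts_not_listed"]} alerts from users not listed')
```

Pass the same precision_threshold that was sent in the request so the approximate flag matches the query.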