需求: 刪除es 中指定IP 相關的數據 (remoteAddr: ip)
fields.product:wantwords_zxxxx_feature @timestamp:Oct 12, 2023 @ 18:56:39.000 date_timeLocal:12/Oct/2023:18:56:39 +0800 ecs.version:1.12.0 host.name:WebServer-ZJK-1 httpReferer:https:/xxx/ httpUserAgent:Mozilla/5.0 (Linux; Android 13; V2254A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/16.7.0.3 log.file.path:/home/xxx/xxx/API_Zh_Feature/log/access.log log.offset:12,487,899 long_bodyBytesSent:105764 long_status:200 pid:(空) remoteAddr:106.61.79.15 remoteUser:- requestType:GET requestUrl:/?q=%E7%AA%81%E7%84%B6%E6%9D%A5%E4%BA%86%E5%85%B4%E8%87%B4&m=ZhZh&f=1 URIPROTO:HTTP/1.0 _id:7nKII4sBeg9bmJ3ODLAA _index:prod-nginx-000007 _score: - _type:_doc
[root@dev-test test]# cat blcokip.txt
101.206.129.1
101.206.171.7
import requests
with open('blcokip.txt', 'r') as rfile:
rfile_old = rfile.readlines()
for i in rfile_old:
ip=i.replace('\n','')
data = {
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"fields.product"
],
"query": "wantwords_*"
}
}
],
"minimum_should_match": 1
}
},
{
"range": {
"@timestamp": {
"format": "strict_date_optional_time",
"gte": "2023-07-13T16:00:00.000Z",
"lte": "2023-10-12T07:16:26.155Z"
}
}
},
{
"match_phrase": {
"remoteAddr.keyword": ip
}
}
],
"should": [],
"must_not": []
}
}
}
url = 'http://10.0.1.11:9200/prod-nginx*/_delete_by_query'
response = requests.post(url,
json=data,
headers={
'Content-Type': 'application/json'
})
if response.status_code == 200:
print(response.json())
else:
pass
