elasticsearch/esclean: add logsource flag

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2024-01-31 16:07:01 +01:00
parent 1db339531e
commit 5b0bf5d420
No known key found for this signature in database
GPG Key ID: FE65CD384D5BF7B4
1 changed files with 4 additions and 0 deletions


@ -26,6 +26,8 @@ def parse_opts():
help='Fleet to query for.')
parser.add_option('-s', '--severity',
help='Log severity/level.')
parser.add_option('-L', '--logsource',
help='Hostname of log source.')
parser.add_option('-I', '--logsource-ip',
help='IP of log source.')
parser.add_option('-o', '--older-than',
@ -73,6 +75,8 @@ def main():
queries.append({'match': {'fleet': opts.fleet}})
if opts.severity:
queries.append({'term': {'severity_name': opts.severity}})
if opts.logsource:
queries.append({'match': {'logsource': opts.logsource}})
if opts.logsource_ip:
queries.append({'term': {'logsource_ip': opts.logsource_ip}})
if opts.message:
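Review bot: The new filter `queries.append({'match': {'logsource': opts.logsource}})` uses a `match` query, while the neighbouring `logsource_ip` filter uses `term`; if `logsource` is mapped as an analyzed text field, `match` tokenizes the hostname and also hits documents that merely share a token with it (the same short name under a different domain, for instance), which in a tool whose name suggests it deletes what it selects means acting on more documents than the operator asked for. Unless the mapping is known to be `keyword`, `queries.append({'term': {'logsource': opts.logsource}})` keeps the selection exact and consistent with the adjacent IP check. If `match` is intentional, a short comment on that line stating why the looser matching is wanted would save the next reader from the same question. main() starts and continues outside the hunk.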