聚合查询出当天登录过的用户名,以及今天之前180天内登录过的用户名;遍历两者,今天有而之前没有的用户名即是今天新增加的用户。将生成的结果存放在文件里。
import requests
import json
import datetime
import time
import os
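# First-seen login report: list the accounts that appear in the login index
# during the previous calendar day (local time) but not in the 180 days before
# it, and write them to result.txt, one account per line.
#
# NOTE(review): the search goes over plain HTTP without credentials, which is
# only reasonable while urlStr stays on loopback. If it is ever pointed at a
# remote node, switch to HTTPS and authenticated requests.

_DAY_MS = 24 * 60 * 60 * 1000
_BASELINE_DAYS = 180
_MAX_BUCKETS = 9999
# (connect, read) timeouts in seconds, so a stalled node cannot hang the job.
_HTTP_TIMEOUT = (10, 300)


def _build_query(gte_ms, lt_ms):
    """Return the search body that aggregates accounts seen in [gte_ms, lt_ms).

    The range is half-open so that two adjacent windows never both match an
    event sitting exactly on the boundary. The bounds are the millisecond
    timestamps computed by the caller and are compared against ``@mtime``.
    """
    return {
        "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {"range": {"@mtime": {"gte": gte_ms, "lt": lt_ms}}},
                    # presumably "200" marks a successful login; confirm
                    # against the log schema.
                    {"term": {"code": "200"}},
                ],
                "must_not": [
                    {"match": {"account.keyword": "Unknown"}},
                    {"match": {"account.keyword": ""}},
                ],
            }
        },
        # NOTE(review): the filter uses "account.keyword" while the
        # aggregation uses "account"; if "account" is an analyzed text field
        # the buckets would be tokens, not whole account names. Verify the
        # mapping.
        "aggs": {
            "terms_agg": {"terms": {"field": "account", "size": _MAX_BUCKETS}}
        },
    }


def _fetch_accounts(host, gte_ms, lt_ms):
    """Query the login indices and return ``(account_keys, incomplete)``.

    ``account_keys`` is the list of bucket keys in the order the server
    returned them. ``incomplete`` is True when the response reports more
    distinct values than the bucket limit, a search timeout, or failed
    shards, i.e. when the list may be missing accounts.

    Raises:
        requests.HTTPError: the server answered with an error status.
        RuntimeError: the response carries no ``terms_agg`` buckets.
    """
    response = requests.post(
        "http://" + host + ":9200/login*/_search?pretty",
        json=_build_query(gte_ms, lt_ms),
        timeout=_HTTP_TIMEOUT,
    )
    response.raise_for_status()
    body = response.json()
    try:
        agg = body["aggregations"]["terms_agg"]
        keys = [bucket["key"] for bucket in agg["buckets"]]
    except (KeyError, TypeError) as err:
        raise RuntimeError("search response has no terms_agg buckets") from err
    shards = body.get("_shards") or {}
    incomplete = bool(
        agg.get("sum_other_doc_count", 0) > 0
        or body.get("timed_out")
        or shards.get("failed", 0)
    )
    return keys, incomplete


urlStr = '127.0.0.1'
# Local midnight today, minus one day: the start of the previous calendar day.
startTs = int(time.mktime(datetime.date.today().timetuple()) * 1000) - _DAY_MS
beforeTs = startTs - _BASELINE_DAYS * _DAY_MS

accounts, day_incomplete = _fetch_accounts(urlStr, startTs, startTs + _DAY_MS)
accounts1, baseline_incomplete = _fetch_accounts(urlStr, beforeTs, startTs)
set1 = set(accounts1)

# An incomplete day window hides new accounts; an incomplete baseline makes
# long-standing accounts look new. Either way the report cannot be trusted
# silently, so say so on the console.
if day_incomplete:
    print('警告:当天查询结果不完整(超过9999个账号或分片失败/超时),可能漏报新增用户')
if baseline_incomplete:
    print('警告:180天基线查询结果不完整(超过9999个账号或分片失败/超时),可能误报新增用户')

# Replace the previous report only after both queries succeeded, so a failed
# run does not leave the job without any result file.
if os.path.exists('result.txt'):
    print('删除旧文件')
    os.remove('result.txt')

# Account names come from login logs: consumers of result.txt should treat
# every line as untrusted text.
with open('result.txt', mode='a') as Note:
    for i in accounts:
        if i not in set1:
            Note.write(f"{i}\n")  # one account per line
print('新文件result.txt生成完成')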