mirror of
https://github.com/autistic-symposium/shell-whiz-toolkit.git
synced 2025-06-01 04:56:23 -04:00
## elastalert hacks

```
# osqueryd events on one logstash day index, counted per username, most frequent first
curl -s logs.HOST.com:9200/logstash-2017.09.08/_search\?q=ty_params.ProcessName:osqueryd\&size=10000\&sort=@timestamp:desc | jq -r '.hits.hits[]._source.ty_params.Username' | sort | uniq -c | sort -nr
```
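The same per-username count done on the `_search` response in Python, as an added example (not code from the shell-whiz-toolkit repo): it reproduces the `jq | sort | uniq -c | sort -nr` step and adds the check the one-liner lacks, whether `size=10000` truncated the hits. The field names come from the page; the sample response is constructed.

```python
"""Count usernames in osqueryd events from an Elasticsearch _search response.

Added example, not code from the shell-whiz-toolkit repo. It does in Python
what the page's `jq | sort | uniq -c | sort -nr` step does and adds a check
the one-liner lacks: whether size=10000 truncated the result. Field names
(ty_params.ProcessName, ty_params.Username) come from the page; the sample
response is constructed.
"""
import json
from collections import Counter

# Constructed sample of a logstash-*/_search response (shape only).
SAMPLE_RESPONSE = json.dumps({"hits": {"total": 4, "hits": [
    {"_source": {"ty_params": {"ProcessName": "osqueryd", "Username": "root"}}},
    {"_source": {"ty_params": {"ProcessName": "osqueryd", "Username": "alice"}}},
    {"_source": {"ty_params": {"ProcessName": "osqueryd", "Username": "root"}}},
    # No Username field: `jq -r` prints the literal string "null" here.
    {"_source": {"ty_params": {"ProcessName": "osqueryd"}}},
]}})


def hits_total(response):
    """hits.total is an int in ES 5/6 and {"value": n, ...} in ES 7+."""
    total = response["hits"]["total"]
    return total["value"] if isinstance(total, dict) else total


def count_usernames(response_json, missing="null"):
    """Return [(username, count), ...] ordered like `uniq -c | sort -nr`."""
    response = json.loads(response_json)
    names = [hit.get("_source", {}).get("ty_params", {}).get("Username", missing)
             for hit in response["hits"]["hits"]]
    # Highest count first; ties broken by name so the order is deterministic.
    return sorted(Counter(names).items(), key=lambda kv: (-kv[1], kv[0]))


def is_truncated(response_json):
    """True when the query matched more events than the page returned, i.e.
    the size= cap hid part of the data and the counts are incomplete."""
    response = json.loads(response_json)
    return hits_total(response) > len(response["hits"]["hits"])


if __name__ == "__main__":
    for name, n in count_usernames(SAMPLE_RESPONSE):
        print(f"{n:7d} {name}")
    if is_truncated(SAMPLE_RESPONSE):
        print("warning: hits truncated by size=, counts are partial")
```

Events with no `Username` field show up as `null`, exactly as they do in the `jq -r` output, so they are easy to spot rather than silently dropped.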