源地址
GET elastiflow-3.4.1-*/_search
{
  // Fields returned for each hit: only the flow source address.
  // No "size" is given, so only the default page of hits comes back;
  // the hits are sample documents, not the list of distinct addresses.
  "_source": ["flow.src_addr"],
  "aggs": {
    // Distinct count of source addresses across every index matching the pattern.
    // "cardinality" is an approximate count; treat large results as estimates.
    // NOTE(review): there is no time-range filter, so the count covers all
    // retained flow data. Confirm that is intended before using it as a baseline.
    "uniq_attr": {
      "cardinality": {
        "field": "flow.src_addr"
      }
    }
  }
}
目标地址
GET elastiflow-3.4.1-*/_search
{
  // Fields returned for each hit: only the flow destination address.
  // No "size" is given, so only the default page of hits comes back;
  // the hits are sample documents, not the list of distinct addresses.
  "_source": ["flow.dst_addr"],
  "aggs": {
    // Distinct count of destination addresses across every index matching the pattern.
    // "cardinality" is an approximate count; treat large results as estimates.
    // NOTE(review): there is no time-range filter, so the count covers all
    // retained flow data. Confirm that is intended before using it as a baseline.
    "uniq_attr": {
      "cardinality": {
        "field": "flow.dst_addr"
      }
    }
  }
}