install fail2ban using cloudformation - aws-cloudformation

I am having issues installing fail2ban through cloudformation template. See my template below.
My template creates the EC2 instance from the AMI in the mappings, but the instance contains only the applications that come pre-installed on it. The package install step through yum does not work (the packages do not get installed).
Any direction is appreciated.
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS CloudFormation LAMP",
"Parameters" : {
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
},
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "t2.small",
"AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"]
,
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"SSHLocation" : {
"Description" : " The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings" : {
"AWSInstanceType2Arch" : {
"t1.micro" : { "Arch" : "PV64" },
"t2.nano" : { "Arch" : "HVM64" },
"t2.micro" : { "Arch" : "HVM64" },
"t2.small" : { "Arch" : "HVM64" },
"t2.medium" : { "Arch" : "HVM64" },
"t2.large" : { "Arch" : "HVM64" },
"m1.small" : { "Arch" : "PV64" },
"m1.medium" : { "Arch" : "PV64" },
"m1.large" : { "Arch" : "PV64" },
"m1.xlarge" : { "Arch" : "PV64" },
"m2.xlarge" : { "Arch" : "PV64" },
"m2.2xlarge" : { "Arch" : "PV64" },
"m2.4xlarge" : { "Arch" : "PV64" },
"m3.medium" : { "Arch" : "HVM64" },
"m3.large" : { "Arch" : "HVM64" },
"m3.xlarge" : { "Arch" : "HVM64" },
"m3.2xlarge" : { "Arch" : "HVM64" },
"m4.large" : { "Arch" : "HVM64" },
"m4.xlarge" : { "Arch" : "HVM64" },
"m4.2xlarge" : { "Arch" : "HVM64" },
"m4.4xlarge" : { "Arch" : "HVM64" },
"m4.10xlarge" : { "Arch" : "HVM64" },
"c1.medium" : { "Arch" : "PV64" },
"c1.xlarge" : { "Arch" : "PV64" },
"c3.large" : { "Arch" : "HVM64" },
"c3.xlarge" : { "Arch" : "HVM64" },
"c3.2xlarge" : { "Arch" : "HVM64" },
"c3.4xlarge" : { "Arch" : "HVM64" },
"c3.8xlarge" : { "Arch" : "HVM64" },
"c4.large" : { "Arch" : "HVM64" },
"c4.xlarge" : { "Arch" : "HVM64" },
"c4.2xlarge" : { "Arch" : "HVM64" },
"c4.4xlarge" : { "Arch" : "HVM64" },
"c4.8xlarge" : { "Arch" : "HVM64" },
"g2.2xlarge" : { "Arch" : "HVMG2" },
"g2.8xlarge" : { "Arch" : "HVMG2" },
"r3.large" : { "Arch" : "HVM64" },
"r3.xlarge" : { "Arch" : "HVM64" },
"r3.2xlarge" : { "Arch" : "HVM64" },
"r3.4xlarge" : { "Arch" : "HVM64" },
"r3.8xlarge" : { "Arch" : "HVM64" },
"i2.xlarge" : { "Arch" : "HVM64" },
"i2.2xlarge" : { "Arch" : "HVM64" },
"i2.4xlarge" : { "Arch" : "HVM64" },
"i2.8xlarge" : { "Arch" : "HVM64" },
"d2.xlarge" : { "Arch" : "HVM64" },
"d2.2xlarge" : { "Arch" : "HVM64" },
"d2.4xlarge" : { "Arch" : "HVM64" },
"d2.8xlarge" : { "Arch" : "HVM64" },
"hi1.4xlarge" : { "Arch" : "HVM64" },
"hs1.8xlarge" : { "Arch" : "HVM64" },
"cr1.8xlarge" : { "Arch" : "HVM64" },
"cc2.8xlarge" : { "Arch" : "HVM64" }
},
"AWSRegionArch2AMI" : {
"us-east-1" : {"PV64" : "ami-2a69aa47", "HVM64" : "ami-6869aa05", "HVMG2" : "ami-1f12e965"},
"us-west-2" : {"PV64" : "ami-7f77b31f", "HVM64" : "ami-39d39d41", "HVMG2" : "ami-5c9b6124"},
"us-west-1" : {"PV64" : "ami-a2490dc2", "HVM64" : "ami-31490d51", "HVMG2" : "ami-7291a112"},
"eu-west-1" : {"PV64" : "ami-4cdd453f", "HVM64" : "ami-f9dd458a", "HVMG2" : "ami-b411c5cd"},
"eu-west-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-39d39d41", "HVMG2" : "NOT_SUPPORTED"},
"eu-central-1" : {"PV64" : "ami-6527cf0a", "HVM64" : "ami-ea26ce85", "HVMG2" : "ami-be40f2d1"},
"ap-northeast-1" : {"PV64" : "ami-3e42b65f", "HVM64" : "ami-374db956", "HVMG2" : "ami-3efd2c58"},
"ap-northeast-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-2b408b45", "HVMG2" : "NOT_SUPPORTED"},
"ap-southeast-1" : {"PV64" : "ami-df9e4cbc", "HVM64" : "ami-a59b49c6", "HVMG2" : "ami-3e91ed5d"},
"ap-southeast-2" : {"PV64" : "ami-63351d00", "HVM64" : "ami-dc361ebf", "HVMG2" : "ami-84a142e6"},
"ap-south-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-ffbdd790", "HVMG2" : "ami-25ffbe4a"},
"us-east-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-f6035893", "HVMG2" : "NOT_SUPPORTED"},
"ca-central-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-730ebd17", "HVMG2" : "NOT_SUPPORTED"},
"sa-east-1" : {"PV64" : "ami-1ad34676", "HVM64" : "ami-6dd04501", "HVMG2" : "NOT_SUPPORTED"},
"cn-north-1" : {"PV64" : "ami-77559f1a", "HVM64" : "ami-8e6aa0e3", "HVMG2" : "NOT_SUPPORTED"},
"cn-northwest-1" : {"PV64" : "ami-80707be2", "HVM64" : "ami-cb858fa9", "HVMG2" : "NOT_SUPPORTED"}
}
},
"Resources" : {
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"configSets" : {
"InstallAndRun" : [ "Install", "Configure" ]
},
"Install" : {
"packages" : {
"yum" : {
"httpd" : [],
"php" : [],
"php-mysql" : [],
"monit" : [],
"fail2ban" : []
}
},
"files" : {
"/etc/cfn/cfn-hup.conf" : {
"content" : { "Fn::Join" : ["", [
"[main]\n",
"stack=", { "Ref" : "AWS::StackId" }, "\n",
"region=", { "Ref" : "AWS::Region" }, "\n"
]]},
"mode" : "000400",
"owner" : "root",
"group" : "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf" : {
"content": { "Fn::Join" : ["", [
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.WebServerInstance.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource WebServerInstance ",
" --configsets InstallAndRun ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"runas=root\n"
]]},
"mode" : "000400",
"owner" : "root",
"group" : "root"
}
},
"services" : {
"sysvinit" : {
"httpd" : { "enabled" : "true", "ensureRunning" : "true" },
"cfn-hup" : { "enabled" : "true", "ensureRunning" : "true",
"files" : ["/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf"]}
}
}
},
"Configure" : {
}
}
},
"Properties": {
"ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" },
{ "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
"InstanceType" : { "Ref" : "InstanceType" },
"SecurityGroups" : [ {"Ref" : "WebServerSecurityGroup"} ],
"KeyName" : { "Ref" : "KeyName" },
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource WebServerInstance ",
" --configsets InstallAndRun ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"# Signal the status from cfn-init\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource WebServerInstance ",
" --region ", { "Ref" : "AWS::Region" }, "\n"
]]}}
},
"CreationPolicy" : {
"ResourceSignal" : {
"Timeout" : "PT5M"
}
}
},
"WebServerSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable HTTP access via port 80",
"SecurityGroupIngress" : [
{"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"}}
]
}
}
},
"Outputs" : {
"WebsiteURL" : {
"Description" : "URL for newly created LAMP stack",
"Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "WebServerInstance", "PublicDnsName" ]}]] }
}
}
}

I've had a similar issue before; the way I got around it was by using the default configSet, which just calls the required config keys. So in your case:
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"configSets" : {
"InstallAndRun" : [ "Install", "Configure" ]
},
"Install" : {
"packages" : {
"yum" : {
"httpd" : [],
"php" : [],
"php-mysql" : [],
"monit" : [],
"fail2ban" : []
}
},
Would become:
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"configSets" : {
"default" : [ "Install", "Configure" ]
},
"Install" : {
"packages" : {
"yum" : {
"httpd" : [],
"php" : [],
"php-mysql" : [],
"monit" : [],
"fail2ban" : []
}
},
You may have to tweak this a little, mainly because I don't write JSON (I won't make any jokes this time, promise) — I use YAML — so excuse me if my formatting is incorrect; this should fix it, though.


Does adding multiple lookups to a Mongo query affect performance even though the fields are indexed?

I have the collections department, student and student_attendance shown below.
department:
{
"_id": "abc101",
"department": {
"title" : "CSE",
"start_date" : "2011-06-02",
"department_id" : "CSE01",
"total_staffs" : "23",
},
"department_id" : "CSE01",
"parent_department_id" : "CSE01",
"college_code" : "IEC"
}
{
"_id": "mno101",
"department": {
"title" : "ME",
"start_date" : "2000-06-13",
"department_id" : "ME01",
"total_staffs" : "45",
},
"department_id" : "ME01",
"parent_department_id" : "ME01",
"college_code" : "SMEC"
}
{
"_id": "abc102",
"department": {
"title" : "ECE",
"start_date" : "2011-06-02",
"department_id" : "ECE01",
"total_staffs" : "16",
},
"department_id" : "ECE01",
"parent_department_id" : "ECE01",
"college_code" : "IEC"
}
student:
{
"_id" : "abc103",
"student" : {
"first_name" : "Venu",
"last_name" : "Gopal",
"department_id" : "CSE01",
"student_id" : "20IECCSE45",
"date_of_admission" : "2020-06-12"
},
"student_id" : "20IECCSE45",
"parent_department_id" : "CSE01",
"college_code" : "IEC"
}
student_attendance :
{
"_id" : "abc104",
"student_attendance" : {
"attendance_id" : "20061201",
"attendance_pct" : "100",
"absence_days" : "0",
"student_id" : "20IECCSE45",
"submit_time" : {
"$numberLong": "1497019230447"
},
"student_fee" : {
"version" : "1",
"data" : [
{
"fee_amount" : "1000",
"fee_paid" : "1000",
"fee_date" : {
"$numberLong": "1497019230447"
},
"fee_type" : "tuition fee"
}
]
}
},
"attendance_id" : "20061201",
"parent_department_id" : "CSE01",
"college_code" : "IEC"
}
{
"_id" : "abc105",
"student_attendance" : {
"attendance_id" : "20061211",
"attendance_pct" : "90",
"absence_days" : "1",
"student_id" : "20IECCSE45",
"submit_time" : {
"$numberLong": "1497019230447"
},
"student_fee" : {
"version" : "1",
"data" : [
{
"fee_amount" : "1100",
"fee_paid" : "1100",
"fee_date" : {
"$numberLong": "1497019230447"
},
"fee_type" : "tuition fee"
}
]
}
},
"attendance_id" : "20061211",
"parent_department_id" : "CSE01",
"college_code" : "IEC"
}
I've written the below aggregate query:
[
{
'$lookup': {
'from': 'student',
'localField': 'student_attendance.student_id',
'foreignField': 'student_id',
'as': 'st'
}
}, {
'$unwind': {
'path': '$st',
'preserveNullAndEmptyArrays': true
}
}, {
'$lookup': {
'from': 'department',
'localField': 'parent_department_id',
'foreignField': 'department_id',
'as': 'dp'
}
}, {
'$unwind': {
'path': '$dp',
'preserveNullAndEmptyArrays': true
}
}, {
'$project': {
'student_attendance': '$student_attendance',
'first_name': '$st.student.first_name',
'last_name': '$st.student.last_name',
'title': '$dp.department.title'
}
}
]
All the fields used in the lookups are indexed. In my real case each of these three collections will have 200k+ documents.
Similarly, if I add one or more further lookups the performance goes down.
The $project fields are the expected result. How can I improve performance, or how can this query be written better? Also, is it not advisable to use $lookup?

Compare two values in document and display the common values in each row in result

I have documents in which I am storing two main objects, scan and result. I want the output such that I get a separate row in the result for each match between scan.location and result.location.
Data:
{
"_id" : ObjectId("6024d02a1bf5152b44baf521"),
"scan" : {
"customerId" : "e2565eac-2086-48fc-ba18-dbce74602e22",
"customerGenderSelection" : "F",
"scanQuery" : {
"service" : "MA",
"date" : "08-Nov-2020",
"locations" : [
{
"locationId" : "0023",
"locationName" : "dobson"
},
{
"locationId" : "0001",
"locationName" : "shea"
}
]
},
"sessionId" : "70511849-97f8-4318-a96e-bb3a573c52ea",
},
"result" : [
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "11:00",
"locationId" : "0023"
},
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "12:00",
"locationId" : "0023"
},
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "12:30",
"locationId" : "0023"
},
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "13:00",
"locationId" : "0001"
}
]
}
I want result where scan.scanQuery.locations.locationId == result.locationId. So expecting a result in the below format:
Expected Response:
{
"scan" : {
"customerId" : "e2565eac-2086-48fc-ba18-dbce74602e22",
"customerGenderSelection" : "F",
"scanQuery" : {
"service" : "MA",
"date" : "08-Nov-2020",
"locations" : [
{
"locationId" : "0023",
"locationName" : "dobson"
}
]
},
"sessionId" : "70511849-97f8-4318-a96e-bb3a573c52ea",
},
"result" : [
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "11:00",
"locationId" : "0023"
},
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "12:00",
"locationId" : "0023"
},
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "12:30",
"locationId" : "0023"
}
]
},
{
"scan" : {
"customerId" : "e2565eac-2086-48fc-ba18-dbce74602e22",
"customerGenderSelection" : "F",
"scanQuery" : {
"service" : "MA",
"date" : "08-Nov-2020",
"locations" : [
{
"locationId" : "0001",
"locationName" : "shea"
}
]
},
"sessionId" : "70511849-97f8-4318-a96e-bb3a573c52ea",
},
"result" : [
{
"employeeId" : "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time" : "13:00",
"locationId" : "0001"
}
]
}
Any suggestions or ideas would be helpful.
Try this:
// Emit one output document per scan location, with `result` narrowed to the
// entries whose locationId equals that location's locationId.
db.locations.aggregate([
  // Stage 1: fan the locations array out so each element becomes its own document.
  { "$unwind": "$scan.scanQuery.locations" },
  // Stage 2: keep only the result entries that belong to the unwound location.
  {
    "$addFields": {
      "result": {
        "$filter": {
          "input": "$result",
          "as": "item",
          "cond": { "$eq": ["$scan.scanQuery.locations.locationId", "$$item.locationId"] }
        }
      }
    }
  }
]);
Output:
{
"_id": ObjectId("6024d02a1bf5152b44baf521"),
"scan": {
"customerId": "e2565eac-2086-48fc-ba18-dbce74602e22",
"customerGenderSelection": "F",
"scanQuery": {
"service": "MA",
"date": "08-Nov-2020",
"locations": {
"locationId": "0023",
"locationName": "dobson"
}
},
"sessionId": "70511849-97f8-4318-a96e-bb3a573c52ea"
},
"result": [
{
"employeeId": "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time": "11:00",
"locationId": "0023"
},
{
"employeeId": "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time": "12:00",
"locationId": "0023"
},
{
"employeeId": "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time": "12:30",
"locationId": "0023"
}
]
},
{
"_id": ObjectId("6024d02a1bf5152b44baf521"),
"scan": {
"customerId": "e2565eac-2086-48fc-ba18-dbce74602e22",
"customerGenderSelection": "F",
"scanQuery": {
"service": "MA",
"date": "08-Nov-2020",
"locations": {
"locationId": "0001",
"locationName": "shea"
}
},
"sessionId": "70511849-97f8-4318-a96e-bb3a573c52ea"
},
"result": [
{
"employeeId": "224f55b2-27bc-4e34-8249-a8d201540ac2",
"time": "13:00",
"locationId": "0001"
}
]
}

MongoDB Aggregation on multiple nested arrays

I'm trying to work out how to query a document which has two layers of nested arrays.
{
"_id" : ObjectId("5d7fb679d76f3bbf82ed952e"),
"org-name" : "Shropshire Community Health NHS Trust",
"domain" : "shropscommunityhealth.nhs.uk",
"subdomains" : [
{
"name" : "www.shropscommunityhealth.nhs.uk",
"firstSeen" : "2015-10-17 01:10:00",
"a_rr" : "195.49.146.9",
"data_retrieved" : ISODate("2019-09-16T17:21:11.468Z"),
"asn" : 21472,
"asn_org" : "ServerHouse Ltd",
"city" : "Portsmouth",
"country" : "United Kingdom",
"shodan" : {
"ports" : [
{
"port" : 443,
"cpe" : "cpe:/a:microsoft:internet_information_server:8.5",
"product" : "Microsoft IIS httpd"
},
{
"port" : 80,
"cpe" : "cpe:/o:microsoft:windows",
"product" : "Microsoft HTTPAPI httpd"
}
],
"timestamp" : ISODate("2019-09-16T17:21:12.659Z")
}
},
{
"name" : "www2.shropscommunityhealth.nhs.uk",
"firstSeen" : "2017-06-23 16:55:00",
"a_rr" : "80.175.25.17",
"data_retrieved" : ISODate("2019-09-16T17:21:12.663Z"),
"asn" : 8607,
"asn_org" : "Timico Limited",
"city" : null,
"country" : "United Kingdom",
"shodan" : {
"timestamp" : ISODate("2019-09-16T17:21:13.664Z")
}
}
]
}
I want to be able to search through the collection and return all of the subdomains where there is a match on the supplied port number. So far I've tried (in PyMongo):
# First match documents having some subdomain that exposes `port`, then try to
# narrow `subdomains` down to the matching entries.
# NOTE(review): '$subdomains.shodan.ports' traverses the `subdomains` array, so
# `input` most likely resolves to an array of port arrays and `$$this.port` is
# unset for every element — which would explain the empty result. Filtering
# '$subdomains' itself and testing each element's shodan.ports.port list against
# `port` is the shape that works for the nested array; confirm against your data.
result = db.aggregate([{'$match': {'subdomains.shodan.ports.port': port}},
{'$project': {
'subdomains': {'$filter': {
'input': '$subdomains.shodan.ports',  # resolves through the outer array (see note above)
'cond': {'$eq': ['$$this.port', port]}
}}
}}])
When I run this I don't get any results back at all. I've played around with my $filter but can't seem to get any results out. I'm using a similar aggregation for querying within just the subdomains array and it works fine; I'm just struggling with the array within an array and wondering whether I need a different approach.
Try the aggregate pipeline below:
// Return each matching document with `subdomains` reduced to the entries that
// list port 443 under shodan.ports. The port is hard-coded here; the question's
// PyMongo version carries it in a `port` variable.
db.collection.aggregate([
  // Stage 1: one document per subdomain entry.
  { "$unwind": "$subdomains" },
  // Stage 2: keep entries whose shodan.ports array holds an element with port 443.
  // The `$ne: null` guard additionally excludes entries that have no `ports`
  // field at all (such as www2 in the sample data).
  {
    "$match": {
      "subdomains.shodan.ports": { "$elemMatch": { "port": 443 }, "$ne": null }
    }
  },
  // Stage 3: reassemble the original document shape, pushing the surviving
  // entries back into a `subdomains` array.
  {
    "$group": {
      "_id": "$_id",
      "org-name": { "$last": "$org-name" },
      "domain": { "$last": "$domain" },
      "subdomains": { "$push": "$subdomains" }
    }
  }
])
which gives this output:
[
{
"_id": ObjectId("5d7fb679d76f3bbf82ed952e"),
"domain": "shropscommunityhealth.nhs.uk",
"org-name": "Shropshire Community Health NHS Trust",
"subdomains": [
{
"a_rr": "195.49.146.9",
"asn": 21472,
"asn_org": "ServerHouse Ltd",
"city": "Portsmouth",
"country": "United Kingdom",
"data_retrieved": ISODate("2019-09-16T17:21:11.468Z"),
"firstSeen": "2015-10-17 01:10:00",
"name": "www.shropscommunityhealth.nhs.uk",
"shodan": {
"ports": [
{
"cpe": "cpe:/a:microsoft:internet_information_server:8.5",
"port": 443,
"product": "Microsoft IIS httpd"
},
{
"cpe": "cpe:/o:microsoft:windows",
"port": 80,
"product": "Microsoft HTTPAPI httpd"
}
],
"timestamp": ISODate("2019-09-16T17:21:12.659Z")
}
}
]
}
]
The following query can get us the expected output:
// Keep every document but narrow `subdomains` to the entries whose
// shodan.ports list contains port 443. Entries without a `ports` field
// (such as www2) fall back to an empty list, so the `$in` test always sees
// an array and those entries are simply dropped.
db.collection.aggregate([
  {
    "$project": {
      "subdomains": {
        "$filter": {
          "input": "$subdomains",
          "as": "subdomain",
          "cond": {
            "$in": [443, { "$ifNull": ["$$subdomain.shodan.ports.port", []] }]
          }
        }
      }
    }
  }
]).pretty()
Data set:
{
"_id" : ObjectId("5d7fb679d76f3bbf82ed952e"),
"org-name" : "Shropshire Community Health NHS Trust",
"domain" : "shropscommunityhealth.nhs.uk",
"subdomains" : [
{
"name" : "www.shropscommunityhealth.nhs.uk",
"firstSeen" : "2015-10-17 01:10:00",
"a_rr" : "195.49.146.9",
"data_retrieved" : ISODate("2019-09-16T17:21:11.468Z"),
"asn" : 21472,
"asn_org" : "ServerHouse Ltd",
"city" : "Portsmouth",
"country" : "United Kingdom",
"shodan" : {
"ports" : [
{
"port" : 443,
"cpe" : "cpe:/a:microsoft:internet_information_server:8.5",
"product" : "Microsoft IIS httpd"
},
{
"port" : 80,
"cpe" : "cpe:/o:microsoft:windows",
"product" : "Microsoft HTTPAPI httpd"
}
],
"timestamp" : ISODate("2019-09-16T17:21:12.659Z")
}
},
{
"name" : "www2.shropscommunityhealth.nhs.uk",
"firstSeen" : "2017-06-23 16:55:00",
"a_rr" : "80.175.25.17",
"data_retrieved" : ISODate("2019-09-16T17:21:12.663Z"),
"asn" : 8607,
"asn_org" : "Timico Limited",
"city" : null,
"country" : "United Kingdom",
"shodan" : {
"timestamp" : ISODate("2019-09-16T17:21:13.664Z")
}
}
]
}
Output:
{
"_id" : ObjectId("5d7fb679d76f3bbf82ed952e"),
"org-name" : "Shropshire Community Health NHS Trust",
"domain" : "shropscommunityhealth.nhs.uk",
"subdomains" : [
{
"name" : "www.shropscommunityhealth.nhs.uk",
"firstSeen" : "2015-10-17 01:10:00",
"a_rr" : "195.49.146.9",
"data_retrieved" : ISODate("2019-09-16T17:21:11.468Z"),
"asn" : 21472,
"asn_org" : "ServerHouse Ltd",
"city" : "Portsmouth",
"country" : "United Kingdom",
"shodan" : {
"ports" : [
{
"port" : 443,
"cpe" : "cpe:/a:microsoft:internet_information_server:8.5",
"product" : "Microsoft IIS httpd"
},
{
"port" : 80,
"cpe" : "cpe:/o:microsoft:windows",
"product" : "Microsoft HTTPAPI httpd"
}
],
"timestamp" : ISODate("2019-09-16T17:21:12.659Z")
}
}
]
}

MongoDB query for getting count information after aggregation for more than one size from a collection

What I am trying to achieve is getting more than one size from the collection. The query below is not working as expected.
Shown below is the collection.
{
"_id" : ObjectId("59e9c029c817c359508b4568"),
"client_id" : "20",
"device_details" : {
"type" : "others",
"name" : "Google Bot",
"os" : null,
"os_version" : null,
"browser" : null,
"browser_version" : null,
"user_agent" : "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"width" : NumberLong("1024"),
"height" : NumberLong("1024"),
"fingerid" : "c714d8f7eb7d216693c0ddd06cfc0940",
"canvasfingerid" : "84f1922a78572180c7f29f938486c1db",
"webglfingerid" : "24700f9f1986800ab4fcc880530dd0ed",
"hardwarefingerid" : "431171c98112e1f0dfb3b40f617111f9",
"platformos" : "Linux x86_64",
"adblock" : "false",
"donot" : "unknown",
"liedlanguage" : "false",
"liedos" : "false",
"liedbrowser" : "false",
"ratio" : NumberLong("1"),
"depth" : NumberLong("24"),
"language" : "en-US",
"liedresolution" : "false",
"timezoneoffset" : "420",
"regularplugin" : "No plugins found",
"localstorage" : "true",
"sessionstorage" : "true",
"touchsupport" : "false",
"canvas" : "Tracked",
"webgl" : "Unknown",
"hardwareconc" : "8",
"referrer" : null,
"referrer_url" : null,
"scrorientation" : "landscape-primary"
},
"ip_list" : [
"66.249.66.146",
"66.249.66.21"
],
"ip_details" : [
{
"ip_address" : "66.249.66.146",
"latitude" : 37.41919999999999,
"longitude" : -122.0574,
"city" : "Mountain View",
"postal_code" : "94043",
"country_code" : "US",
"country_name" : "United States",
"continent_code" : "NA",
"created_date" : ISODate("2017-10-20T14:51:45.176+05:30")
},
{
"ip_address" : "66.249.66.21",
"latitude" : 37.41919999999999,
"longitude" : -122.0574,
"city" : "Mountain View",
"postal_code" : "94043",
"country_code" : "US",
"country_name" : "United States",
"continent_code" : "NA",
"created_date" : ISODate("2017-10-24T08:27:24.385+05:30")
}
],
"urls" : [
{
"host" : {
"time" : ISODate("2017-10-20T14:51:45.197+05:30"),
"url" : "http://www.indianmobileprices.com/index.php/mobile/info/9-APPLE/7062-APPLE-iPhone+7+/dehradun"
}
},
{
"host" : {
"time" : ISODate("2017-10-24T08:27:24.405+05:30"),
"url" : "http://www.indianmobileprices.com/brand/mobiles/10-LENOVO/bhubaneswar"
}
}
],
"created_date" : ISODate("2017-10-24T08:27:24.405+05:30"),
"current_timestamp" : NumberLong("1508491305"),
"traffic" : null,
"traffic_url" : [
{
"url" : "",
"date" : ISODate("2017-10-20T14:51:45.197+05:30")
},
{
"url" : "",
"date" : ISODate("2017-10-24T08:27:24.314+05:30")
},
{
"url" : "",
"date" : ISODate("2017-10-24T08:27:24.578+05:30")
}
],
"returning_user" : NumberLong("1"),
"returninguser" : "yes",
"updated_timestamp" : NumberLong("1508813844"),
"multisession" : NumberLong("2")
},
Here is the query I have used.
// Group visitors by country and derive per-country sizes (the question's attempt).
db.audience.aggregate([
{"$group":{
// NOTE(review): ip_details is an array, so this path yields the array of per-IP
// country names; documents are grouped by that whole array, not by one country.
"_id":"$ip_details.country_name",
"device_information":{
"$addToSet":{
"ipaddress":"$ip_details.ip_address",
"country_name":"$ip_details.country_name",
"device_name":"$device_details.name",
"device_type":"$device_details.type",
"device_os":"$device_details.os",
"devicen_osversion":"$device_details.os_version"
}
},
"count":{"$sum":1}
}},
{ "$project":{
"device_information":1,
"_id":0,
// NOTE(review): $size counts the device_information entries (4 in the sample
// output), not distinct countries — confirm that is the intended meaning.
"countrySize":{ "$size":"$device_information.country_name" },
// NOTE(review): likewise counts every device entry; the expected output wants
// only the "desktop" ones (2 of 4), which a $filter on device_type before $size
// would express.
"desktopSize":{ "$size":'$device_information.device_type' }
}},
{ "$match":{ "countrySize":{"$gt":1} }},
// NOTE(review): "$device_information.device_type" is not a query operator, so
// this $match is most likely rejected by the server; a plain $match cannot
// reference another field on the right-hand side without $expr — confirm.
{ "$match":{"desktopSize":{"$device_information.device_type":"desktop"} }}
])
With that I could not get the expected result, which is given below. I need to change the query to obtain this result.
/* 1 */
{
"countrySize" : NumberInt("4"),
"desktopSize" : NumberInt("2"),
"device_information" : [
{
"country_name" : [
"Singapore"
],
"device_name" : "generic web browser",
"device_os" : "Windows",
"device_type" : "desktop",
"devicen_osversion" : "10",
"ipaddress" : [
"52.220.245.83"
]
},
{
"country_name" : [
"Singapore"
],
"device_name" : "Apple iPhone",
"device_os" : "iOS",
"device_type" : "others",
"devicen_osversion" : "10.3.3",
"ipaddress" : [
"185.89.218.227"
]
},
{
"country_name" : [
"Singapore"
],
"device_name" : "generic web browser",
"device_os" : "Mac OS X",
"device_type" : "desktop",
"devicen_osversion" : "10.12.6",
"ipaddress" : [
"121.7.242.239"
]
},
{
"country_name" : [
"Singapore"
],
"device_name" : "Samsung Galaxy Note 4",
"device_os" : "Android",
"device_type" : "mobile",
"devicen_osversion" : "6.0.1",
"ipaddress" : [
"220.255.108.72"
]
}
]
},
I need a query that produces the result given above.

Elasticsearch index operation fails on complex object

I am indexing a data stream into Elasticsearch and I cannot figure out how to normalize the incoming data so that it indexes without error. I have a mapping type "getdatavalues" which is a meta-data query. This meta-data query can return very different-looking responses, but I'm not seeing the difference. The error I get:
{"index":{"_index":"ens_event-2016.03.11","_type":"getdatavalues","_id":"865800029798177_2016_03_11_03_18_12_100037","status":400,"error":"MapperParsingException[object mapping for [getdatavalues] tried to parse field [output] as object, but got EOF, has a concrete value been provided to it?]"}}
when performing:
# Reproduces the MapperParsingException quoted above: a single PUT of one
# getdatavalues document whose output.matchFilter.argValues object does not
# match the index mapping.
curl -XPUT 'http://192.168.99.100:80/es/ens_event-2016.03.11/getdatavalues/865800029798177_2016_03_11_03_18_12_100037' -d '{
"type": "getDataValues",
"input": {
"deviceID": {
"IMEI": "865800029798177",
"serial-number": "64180258"
},
"handle": 644,
"exprCode": "200000010300140000080001005f00a700000000000000",
"noRollHandle": "478669308-578452",
"transactionID": 290
},
"timestamp": "2016-03-11T03:18:12.000Z",
"handle": 644,
"output": {
"noRollPubSessHandle": "478669308-578740",
"publishSessHandle": 1195,
"status": true,
"matchFilter": {
"prefix": "publicExpr.operatorDefined.commercialIdentifier.FoodSvcs.Restaurant.\"A&C Kabul Curry\".\"Rooster Street\"",
"argValues": {
"event": "InternationalEvent",
"hasEvent": "anyEvent"
}
},
"transactionID": 290,
"validFor": 50
}
}'
Here's what Elasticsearch has for the mapping:
"getdatavalues" : {
"dynamic_templates" : [ {
"strings" : {
"mapping" : {
"index" : "not_analyzed",
"type" : "string"
},
"match_mapping_type" : "string"
}
} ],
"properties" : {
"handle" : {
"type" : "long"
},
"input" : {
"properties" : {
"deviceID" : {
"properties" : {
"IMEI" : {
"type" : "string",
"index" : "not_analyzed"
},
"serial-number" : {
"type" : "string",
"index" : "not_analyzed"
}
}
},
"exprCode" : {
"type" : "string",
"index" : "not_analyzed"
},
"handle" : {
"type" : "long"
},
"noRollHandle" : {
"type" : "string",
"index" : "not_analyzed"
},
"serviceVersion" : {
"type" : "string",
"index" : "not_analyzed"
},
"transactionID" : {
"type" : "long"
}
}
},
"output" : {
"properties" : {
"matchFilter" : {
"properties" : {
"argValues" : {
"properties" : {
"Interests" : {
"type" : "object"
},
"MerchantId" : {
"type" : "string",
"index" : "not_analyzed"
},
"Queue" : {
"type" : "string",
"index" : "not_analyzed"
},
"Vibe" : {
"type" : "string",
"index" : "not_analyzed"
},
"event" : {
"properties" : {
"event" : {
"type" : "string",
"index" : "not_analyzed"
},
"hasEvent" : {
"type" : "string",
"index" : "not_analyzed"
}
}
},
"hasEvent" : {
"type" : "string",
"index" : "not_analyzed"
},
"interests" : {
"type" : "string",
"index" : "not_analyzed"
}
}
},
"prefix" : {
"type" : "string",
"index" : "not_analyzed"
},
"transactionID" : {
"type" : "long"
},
"validFor" : {
"type" : "long"
}
}
},
"noRollPubSessHandle" : {
"type" : "string",
"index" : "not_analyzed"
},
"publishSessHandle" : {
"type" : "long"
},
"status" : {
"type" : "boolean"
},
"transactionID" : {
"type" : "long"
},
"validFor" : {
"type" : "long"
}
}
},
"timestamp" : {
"type" : "date",
"format" : "dateOptionalTime"
},
"type" : {
"type" : "string",
"index" : "not_analyzed"
}
}
},
Looks like the argValues object doesn't quite agree with your mapping:
"argValues": {
"event": "InternationalEvent",
"hasEvent": "anyEvent"
}
Either this:
"argValues": {
"event": {
"event": "InternationalEvent"
},
"hasEvent": "anyEvent"
}
Or this:
"argValues": {
"event": {
"event": "InternationalEvent",
"hasEvent": "anyEvent"
}
}
Would both seem to be valid.