From dbd5a0c1ee7c72e83360d3ce1e6f309d0ccdbb63 Mon Sep 17 00:00:00 2001
From: "sven.ketelsen"
Date: Sat, 29 Oct 2022 08:18:10 +0200
Subject: [PATCH] added metric query_authlog_user_login - counting logins per user
---
 kustomize/base/files/exporter.cfg | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/kustomize/base/files/exporter.cfg b/kustomize/base/files/exporter.cfg
index fb7285c..9c5b1f3 100644
--- a/kustomize/base/files/exporter.cfg
+++ b/kustomize/base/files/exporter.cfg
@@ -59,3 +59,28 @@ QueryJson = {
 }
 }
 }
+
+[query_authlog_user_login]
+QueryIntervalSecs = 60
+QueryTimeoutSecs = 15
+QueryIndices = <*-authlog-*>
+QueryOnError = drop
+QueryOnMissing = drop
+QueryJson = {
+ "size": 0,
+ "query": {
+ "range": {
+ "@timestamp": {
+ "gte": "now-5m/m",
+ "lt": "now"
+ }
+ }
+ },
+ "aggs": {
+ "system_auth_user": {
+ "terms": {
+ "field": "system.auth.user.keyword"
+ }
+ }
+ }
+ }
\ No newline at end of file
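Review bot: The `terms` aggregation on `system.auth.user.keyword` sets no `size`, so Elasticsearch returns only its default of ten buckets. In any five-minute window with more than ten distinct users the rest are silently left out, and with `QueryOnMissing = drop` their series simply disappear. The query also filters on `@timestamp` alone, so it appears to count every authlog document carrying that field rather than only logins. If failed or invalid-user attempts are indexed under the same field, the label values are chosen by whoever is knocking on the door. I would add an event or outcome filter next to the `range` clause, using whichever field the index mapping provides (not visible here), and set an explicit bound such as `"terms": { "field": "system.auth.user.keyword", "size": 50 }` (50 is a sample value), chosen with Prometheus label cardinality in mind. A short comment above `[query_authlog_user_login]` should also say that the value is a rolling five-minute count refreshed every 60 seconds, not a monotonically increasing counter.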