{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lte": "now"
}
}
},
{
"term": {
"syslogProgram.raw": "extFlowRecords"
}
}
],
"must_not": []
}
},
"size": 0,
"aggs": {
"timechart": {
"date_histogram": {
"field": "@timestamp",
"interval": "60s",
"min_doc_count": 0
},
"aggs": {}
}
}
}