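#!/usr/bin/env perl

# Query the api-* indices for documents of type "alarm" at or after a fixed
# start time and print how many hits the search returned.

# global settings
use warnings;
use strict;
$|++;    # autoflush STDOUT so progress lines are not held in a buffer

# libraries
use Data::Dumper;
use Search::Elasticsearch;
use Try::Tiny;

# global variables
my $elk_host1 = '10.0.10.61:9200';
my $elk_host2 = '10.0.10.51:9200';
my $elk_host3 = '10.0.10.52:9200';
my $elk_host4 = '10.0.10.53:9200';

# Credentials are taken from the environment when set, so real secrets do
# not have to be written into (and committed with) this file. The literals
# remain as fallbacks and keep the previous behaviour when the variables
# are absent.
my $elk_user = defined $ENV{ELK_USER} ? $ENV{ELK_USER} : 'user';
my $elk_pass = defined $ENV{ELK_PASS} ? $ENV{ELK_PASS} : 'pass';

my $dt = `date +%F_%T`;
chomp $dt;
my $latest_dt;

print "Starting run at: ".`date`;

# NOTE(security): these node URLs use plain http:// with the credentials in
# the userinfo part, so the user name and password cross the network
# unencrypted on every request. If the cluster offers TLS, switch the
# scheme to https://. The full URLs are secrets: keep them out of log and
# debug output (e.g. do not Dumper() this list).
my @elk_nodes = map { "http://$elk_user:$elk_pass\@$_" }
    ( $elk_host1, $elk_host2, $elk_host3, $elk_host4 );

my $e = Search::Elasticsearch->new(
    nodes        => \@elk_nodes,
    max_requests => 10000,
);

my $results = $e->search(
    size  => 10000,
    index => 'api-*',
    body  => {
        query => {
            bool => {
                must => {
                    term => {
                        '_type' => "alarm",
                    },
                },
                filter => {
                    range => {
                        '@timestamp' => {
                            gte => "2018-04-23 00:00:00",
                            # Fixed: in Elasticsearch date patterns "DD" is
                            # day-of-year and "YYYY" is not the plain
                            # calendar year; "yyyy-MM-dd" is the pattern
                            # that matches the gte literal above.
                            format => "yyyy-MM-dd HH:mm:ss",
                        },
                    },
                },
            },
        },
    },
);

# Fixed: $#{...} is the last index (count - 1, and -1 when empty), not the
# number of elements. Fall back to an empty list if the response carries no
# hits array, so the dereference cannot die under strict refs.
# The search asks for at most `size` documents, so this is the number of
# hits returned; the response's hits->{total} reports the overall match count.
my $hits = $results->{hits}->{hits} || [];
print "Count: ".scalar( @{$hits} )."\n";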