import requests<br />
<br />
# Elasticsearch endpoint<br />
elasticsearch_url = &#039;http://23.96.2.221:9200&#039;<br />
<br />
# Index to query<br />
index_name = &#039;.ds-winlogbeat-8.13.0-2024.04.14-000001&#039;<br />
<br />
# Search query for failed logon events<br />
query = {<br />
    &quot;query&quot;: {<br />
        &quot;bool&quot;: {<br />
            &quot;must&quot;: [],<br />
            &quot;filter&quot;: [<br />
                {<br />
                    &quot;match_phrase&quot;: {<br />
                        &quot;event.code&quot;: &quot;4625&quot;  # Filter for event code 4625 (failed logon)<br />
                    }<br />
                },<br />
<br />
                {<br />
                    &quot;range&quot;: {<br />
                        &quot;@timestamp&quot;: {<br />
                            &quot;format&quot;: &quot;strict_date_optional_time&quot;,<br />
                            &quot;gte&quot;: &quot;2024-04-22T09:00:00.000Z&quot;,<br />
                            &quot;lte&quot;: &quot;2024-04-23T09:08:28.887Z&quot;<br />
                        }<br />
                    }<br />
                }<br />
            ],<br />
            &quot;should&quot;: [],<br />
            &quot;must_not&quot;: []<br />
        }<br />
    }<br />
}<br />
<br />
# Elasticsearch search URL<br />
search_url = f&quot;{elasticsearch_url}/{index_name}/_search&quot;<br />
<br />
# Send the request<br />
response = requests.post(search_url, json=query)<br />
<br />
# Check if the request was successful (HTTP status code 200)<br />
if response.status_code == 200:<br />
    # Parse the JSON response<br />
    search_results = response.json()<br />
    print(search_results)