rules: fix logstash metrics query

rules/elasticsearch.py

@@ -415,9 +415,13 @@
     "filtered": {
       "query": {
         "query_string": {
+      {% if hosts %}
           {% for host in hosts %}
           "query": "event_type:stats AND host.raw:{{ host }}",
           {% endfor %}
+      {% else %}
+          "query": "tags:metric",
+      {% endif %}
           "analyze_wildcard": false
         }
       },
@@ -709,6 +713,8 @@ def es_get_metrics_timeline(from_date=0, interval=None, value = "eve.total.rate_
     # returned data is JSON
     data = json.loads(data)
     # total number of results
+    if hosts == None:
+        hosts = ["global"]
     try:
         if settings.ELASTICSEARCH_2X:
             data = data['aggregations']["date"]['buckets']

rules/templates/rules/elasticsearch.html

@@ -261,8 +261,12 @@ <h2>Logstash event insertion speed (last {{ date }})
 
 $( 'document' ).ready(get_es_indices_stats());
 {% if logstash_stats %}
+{% if es2x %}
+$( 'document' ).ready(draw_stats_timeline({{ from_date }}, 'eve_insert.rate_1m', '#logstash', 0, null));
+{% else %}
 $( 'document' ).ready(draw_stats_timeline({{ from_date }}, 'eve.total.rate_1m', '#logstash', 0, null));
 {% endif %}
+{% endif %}
 </script>
 {% else %}