Hi!!!
I have a request:
{
"size": 10000,
"filter": {
"term": {
"user_id": "254337"
}
},
"query": {
"bool": {
"should" : [
{
"term" : { "event" : "logged_in" }
},
{
"term" : { "event" : "deauthorize" }
}
],
"minimum_number_should_match": 1
}
},
"sort": [
{
"@timestamp": {
"order": "asc"
}
}
]
}
And I need to add range filter to my request:
"filter":
{
"range": {
"@timestamp": {
"gt": "now-1h"
}
}
}
where i can put it?
Multiple filters to queries can be arranged with a must clause like this:
GET test/doc/_search
{
"size": 10000,
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"term": {
"event": "logged_in"
}
},
{
"term": {
"event": "deauthorize"
}
}
],
"minimum_number_should_match": 1
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gt": "now-1h"
}
}
},
{
"term": {
"user_id": "254337"
}
}
]
}
}
}
},
"sort": [
{
"@timestamp": {
"order": "asc"
}
}
]
}THX it works!!!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.