Hello,
Is it possible to do a complex query in Kibana.
For example, i have tree rows:
{ip: 127.0.0.1, type: "type #1"}
{ip: 127.0.0.1, type: "type #2"}
{ip: 192.168.0.1, type: "type #1"}
{ip: 192.168.0.88, type: "type #2"}
Let say we want all the IPs who have the type : "type #1 AND type #2".
The result would be two rows:
{ip: 127.0.0.1, type: "type #1"}
{ip: 127.0.0.1, type: "type #2"}
Is this possible in Kibana?
Thank you
Hi there,
Yes it is possible to do a complex query. For your example, the query would look like this:
type:"type #1" OR type:"type #2"
For more info, check out these references:
Thanks,
CJ
Hello CJ,
thank you for the feedback!
However, I don't think this is the answer I am looking for.
In this case, doing:
type:"type #1" OR type:"type #2"
will return me all fields described above, because all the fields described above are of Type 1 or 2.
What I want is a query based on the IP.
The results would be all IP that are AND of type 1, AND of type 2, but would not include IPs that only have one type. I know we can do relations in elasticsearch, but I would like to know how to query those on Kibana.
Thank you,
This is a bit complicated, but I think it's a clue to what you're trying to do. You could used the Advanced JSON Input field.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.