Constructing Queries

Elk_huh · April 11, 2019, 4:57pm

Am i constructing this query correctly? I am getting an error when i return results but if i take out the filter it works fine.

GET indices*/_search
{
"sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ],
  "query": {
     "bool": {
      "must": [
        {
          "match_all": {}
        }
      ],
      "filter": [
        {
          "exists": {
            "field": "event_data.TargetUserName"
          }
        },
        {
          "exists": {
            "field": "event_data.ServiceName"
          }
        },
        {
          "match": {
            "event_id": "4,769"
          }
        }
      ]
    }
 
}
  
}

dadoonet · April 11, 2019, 6:57pm

It looks good. What is the error?

Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

A full reproduction script will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.

system · May 9, 2019, 6:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.