DSL or in match

Elastic Stack Elasticsearch
1

I need a query that returns all documents where "QueryString" property contains "id=20" or "ad = 20". I tried:
GET /logs/_search
{
"query": {
"match": {
"QueryString": "id=20 ad=20"
}
}
}
but it does not work. Another problem is that:
GET /logs/_search
{

"query": {
"match": {
"Url": "OrderList23.aspx"
}
}
}
Returns:
{
"_index": "logs",
"_type": "doc",
"_id": "PSv2LWUBctE0UWUILvHK",
"_score": 1.848918,
"_source": {
"Referer": "https://omniasig-int-test.vig.pl/Claim/ClaimsList.aspx",
"tags": [
"_geoip_lookup_failure"
],
"SubStatus": "0",
"TimeTaken": "1",
"@version": "1",
"Method": "POST",
"Status": "302",
"message": "2018-01-22 22:00:00 10.1.10.244 POST /Order/OrderList23.aspx - 3353 marek 10.0.1.203 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://omniasig-int-test.vig.pl/Claim/ClaimsList.aspx 302 0 0 1\r",
"ServerIp": "10.1.10.244",
"path": "C:/iislog/iis-log.log",
"@timestamp": "2018-01-22T22:00:00.000Z",
"WinStatus": "0",
"User": "marek",
"ClientIp": "10.0.1.203",
"Port": "3353",
"Url": "/Order/OrderList23.aspx",
"QueryString": "-",
"Agent": "Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko",
"type": "IISLog",
"host": "PEN-PNOW-01"
}
}
As far as I can see URL property is "/Order/OrderList23.aspx".
match_phrase works better:
Query:
GET /logs/_search
{

"query": {
"match_phrase": {
"Url": "OrderList23.aspx"
}
}
}
Result is:
{
"_index": "logs",
"_type": "doc",
"_id": "PSv2LWUBctE0UWUILvHK",
"_score": 1.8489181,
"_source": {
"Referer": "https://omniasig-int-test.vig.pl/Claim/ClaimsList.aspx",
"tags": [
"_geoip_lookup_failure"
],
"SubStatus": "0",
"TimeTaken": "1",
"@version": "1",
"Method": "POST",
"Status": "302",
"message": "2018-01-22 22:00:00 10.1.10.244 POST /Order/OrderList23.aspx - 3353 marek 10.0.1.203 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://omniasig-int-test.vig.pl/Claim/ClaimsList.aspx 302 0 0 1\r",
"ServerIp": "10.1.10.244",
"path": "C:/iislog/iis-log.log",
"@timestamp": "2018-01-22T22:00:00.000Z",
"WinStatus": "0",
"User": "marek",
"ClientIp": "10.0.1.203",
"Port": "3353",
"Url": "/Order/OrderList23.aspx",
"QueryString": "-",
"Agent": "Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko",
"type": "IISLog",
"host": "PEN-PNOW-01"
}
}
but I don't know how to add "or" to get it working

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.