DSL Query, Multiple conditions for must_not, 'or, and'

Hello guys, I'm having some trouble creating multiple conditions.
I'll give some pseudo examples in order to show my idea.

    "must_not": [
      {
        "match": {
          "geoip.country_name": "Portugal"
        }
      },
      AND
      {
        "match": {
          "user.id": "john@hotmail.com"
        }
      },
      OR
      {
        "match": {
          "geoip.country_name": "Germany"
        }
      },
      AND
      {
        "match": {
          "user.id": "alex@hotmail.com"
        }
      },

This example is just for you to "understand" my needs. I know it is not well written, but:

Basically, I don't want to trigger on the logs in which the users match the associated country, but if the user matched any other country, or the country matched any other user, there would be a trigger.

The way that it is written, without those "OR, AND", I wouldn't trigger on either those countries or those users.

I don't really find a way to do this.
If there is something that I must read to be able to do this, I'll be very grateful if you 'give me a direction'.
Thank you for your help :)
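
Added example, not part of the original post: the "(country AND user) OR (country AND user)" exclusion described above can be written by nesting one `bool`/`must` per pair inside `must_not`. The Python below builds that query body and checks the logic against constructed events with a small local evaluator; the helper names and the exact-equality treatment of `match` are assumptions of this example.

```python
# Each allowed pair becomes a bool/must (AND); listing the pairs under must_not
# drops a document when ANY pair matches (OR). Pairs are taken from the post.
ALLOWED_PAIRS = [("Portugal", "john@hotmail.com"), ("Germany", "alex@hotmail.com")]

def build_query(pairs):
    """Build the Query DSL body: exclude only exact country+user combinations."""
    return {"query": {"bool": {"must_not": [
        {"bool": {"must": [
            {"match": {"geoip.country_name": country}},
            {"match": {"user.id": user}},
        ]}} for country, user in pairs
    ]}}}

def matches(clause, doc):
    """Minimal local evaluator for the match/bool subset used above.
    Assumption: match is exact equality, as on keyword-mapped fields; on an
    analyzed text field match is token-based and can match more broadly."""
    if "match" in clause:
        (field, value), = clause["match"].items()
        return doc.get(field) == value
    b = clause["bool"]
    return (all(matches(c, doc) for c in b.get("must", []))
            and not any(matches(c, doc) for c in b.get("must_not", [])))

def triggered(docs, pairs=ALLOWED_PAIRS):
    """Return (user, country) for every document the query would return."""
    q = build_query(pairs)["query"]
    return [(d["user.id"], d["geoip.country_name"]) for d in docs if matches(q, d)]

# Constructed sample events (flattened field names), not real log data.
SAMPLE = [
    {"user.id": "john@hotmail.com", "geoip.country_name": "Portugal"},  # excluded
    {"user.id": "john@hotmail.com", "geoip.country_name": "Germany"},   # triggers
    {"user.id": "alex@hotmail.com", "geoip.country_name": "Germany"},   # excluded
    {"user.id": "alex@hotmail.com", "geoip.country_name": "Portugal"},  # triggers
    {"user.id": "eve@example.com", "geoip.country_name": "Portugal"},   # triggers
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_query(ALLOWED_PAIRS), indent=2))
    print(triggered(SAMPLE))
```

Before relying on the exclusion in an alert rule, confirm that `user.id` and `geoip.country_name` are mapped as `keyword`; otherwise use a `term` query on a keyword sub-field so an address is compared as a whole value.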