Elasticsearch query for multiple term usage

Hi,

This is regarding the elasticdump tool. I am required to output the result to a file with filters.

elasticdump --input=http://localhost:9200/2_logmon_eventlog-2019_04_22 --output="C:\2_logmon_eventlog-2019_04_22__20190419235959.json" --searchBody "{"query":{"filtered":{"query":{"bool":{"must":{"term":{"Type":["Error","Audit Success"]}}}}}}}" --type=data >

The above query is failing with this error:

Mon, 22 Apr 2019 11:44:59 GMT | Total Writes: 0
Mon, 22 Apr 2019 11:44:59 GMT | dump ended with error (get phase) => Error: {"error":"SearchPhaseExecutionException[Failed to execute phase [init_scan], all shards failed; shardFailures {[hq26BW7OS3aPqZ4vx0gQAg][2_logmon_eventlog-2019_04_22][0]: SearchParseException[[2_logmon_eventlog-2019_04_22][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query":{"filtered":{"query":{"bool":{"must":{"match":{"Type":["Error","Audit Success"]}}}}}},"size":20}]]]; nested: QueryParsingException[[2_logmon_eventlog-2019_04_22] [match] query parsed in simplified form, with direct field name, but included more options than just the field name, possibly use its 'options' form, with 'query' element?]; }{[hq26BW7OS3aPqZ4vx0gQAg][2_logmon_eventlog-2019_04_22][1]:

2) elasticdump --input=http://localhost:9200/2_logmon_eventlog-2019_04_22 --output="C:\2_logmon_eventlog-2019_04_22__20190419235959.json" --searchBody "{"query":{"filtered":{"query":{"bool":{"must":{"match":{"Type":"Audit Success"}}}}}}}" --type=data

This is listing all data.

Here is my question: how do I check Type for multiple keywords, like in query #1? Kindly suggest.
