Elasticsearch filter plugin not sorting properly

Kagerou · May 14, 2019, 5:02pm

I'm currently using the elasticsearch filter plugin to search for documents I have in elasticsearch.

a snippet of my config file:

query => "messageContent:offline, alert AND senderID:%{[senderID]}"
sort => "@timestamp:desc"

Alert is the first document inserted and it's only done once. All the documents following it are offline.

When I apply the timestamp:desc sort however, alert is the first document to appear. When I take it out of the query it pulls the latest offline document. Also if I switch the code from

query => "messageContent:offline, alert AND senderID:%{[senderID]}"

to

query => "messageContent:alert, offline AND senderID:%{[senderID]}"

It works properly. Any suggestions to fix this issue?

Kagerou · May 14, 2019, 6:41pm

This can be closed. I needed to change the query from

"messageContent:offline, alert AND senderID"

to

"messageContent:(offline OR alert) AND senderID

system · June 11, 2019, 6:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sorting search results Elasticsearch	2	751	July 6, 2017
Elastic filter plugin is not working Logstash	2	835	January 7, 2018
Logstash elastic search filter plugin Logstash	2	443	May 16, 2019
Sorting search results Elasticsearch	1	269	July 6, 2017
[filter elasticsearch] sort query Logstash	1	926	July 6, 2017

Elasticsearch filter plugin not sorting properly

Related topics