I try to get data from elasticsearch with the exact filtering that I have on a Kibana3 dashboard, and for some reason can't make it make sense.
this is what I have on Kibana (which returns docs):
and this is a query that I try to run against ES and get no results:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool" : {
"must" : [
{ "term" : { "domain_name.raw": "foo.bar" } },
{ "term" : { "method": "get" } }
],
"should" : {
"or" : [
{
"term" : { "pathname.raw" : "/xxxxx" }
},
{
"term" : { "pathname.raw" : "/yyyyy" }
},
{
"term" : { "pathname.raw" : "/zzzzz" }
}
]
}
}
}
}
}
}
I've been cracking my head on it for a few hours and can't get it to work. when I remove one of the must terms (either the domain_name or the method), I do get results. but then I'ts not exactly the filtering I need... any idea where i'm going wrong?