I need your help, experts. I need to update this query to be able to get the results filtered on Prim_id alphabetically and timestamp ascending; each Prim_id is present in a log event sorted on timestamp (log time).
I mean, for example, prim_id Ca11 is present many times with different content (message). I want to be able to get all log events with Ca11 listed based on log timestamp (log time), and after that the same for Ca12, Ca25, etc.
{
  "query": {
    "bool": {
      "should": [
        {
          "match_phrase": {
            "message": "Ca12"
          }
        },
        {
          "match_phrase": {
            "message": "Ca25"
          }
        },
        {
          "match_phrase": {
            "message": "Ca11"
          }
        },
        {
          "match_phrase": {
            "message": "Ca98"
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
Thank you guys in advance.