I've got a problem with the definition of a query in Elasticsearch.
I've got two types of messages:
Jul 23 09:24:16 mmr mmr-core: Aweg3AOMTs_1563866656876839.mt processMTMessage() #12798 realtime: 5.684 ms
Jul 23 09:24:18 mmr mmr-core: Aweg3AOMTs_1563866656876839.0.dn processDN() #7750 realtime: 1.382 ms
The first message is a kind of sent message and the second is a message which confirms that the message was delivered.
The difference between them is the suffix, which I have separated from the "id" and can query.
I would like to find out which messages were successfully delivered and which weren't. I am a complete beginner in Elasticsearch so I'm really struggling.
My idea is to match the id (number) and the matched number suffix. So when id number 1563866656876839 has suffix dn, it was delivered. We do not know the id number before we get the log message because it's generated automatically.
In MariaDB SQL I managed it with the following query:
SELECT num1 from table4 WHERE suffix IN ('mt', 'dn') GROUP BY num1 HAVING COUNT(DISTINCT suffix) = 2;
Does anyone have any idea how to solve it? Any help is appreciated!
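Added example (not code from the question or from any answer): a small Python script that parses the two mmr-core line shapes above into (id number, suffix), applies the same grouping rule as the MariaDB query (an id is delivered when it has both "mt" and "dn"), and builds the equivalent Elasticsearch aggregation body. The field names num1 and suffix, and the third sample line, are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format shown in the question (third line is an extra, undelivered id).
SAMPLE_LOGS = [
    "Jul 23 09:24:16 mmr mmr-core: Aweg3AOMTs_1563866656876839.mt processMTMessage() #12798 realtime: 5.684 ms",
    "Jul 23 09:24:18 mmr mmr-core: Aweg3AOMTs_1563866656876839.0.dn processDN() #7750 realtime: 1.382 ms",
    "Jul 23 09:25:01 mmr mmr-core: Aweg3AOMTs_1563866701000001.mt processMTMessage() #12799 realtime: 4.120 ms",
]

# "<prefix>_<number>[.<n>].<suffix>": the numeric id and the final suffix are what we correlate on.
LOG_RE = re.compile(r"mmr-core: \S+?_(?P<num>\d+)(?:\.\d+)*\.(?P<suffix>mt|dn) ")

def parse_line(line):
    """Return (id number, suffix) for an mmr-core line, or None if the line does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("num"), m.group("suffix")

def delivery_status(lines):
    """Same rule as the SQL GROUP BY ... HAVING COUNT(DISTINCT suffix) = 2:
    delivered = ids seen with both 'mt' and 'dn'; pending = ids seen with 'mt' only."""
    suffixes = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            num, suffix = parsed
            suffixes[num].add(suffix)
    delivered = sorted(n for n, s in suffixes.items() if {"mt", "dn"} <= s)
    pending = sorted(n for n, s in suffixes.items() if s == {"mt"})
    return delivered, pending

def es_delivered_query(num_field="num1", suffix_field="suffix"):
    """Elasticsearch aggregation equivalent of the SQL: one bucket per id number, kept only
    when the bucket holds both suffix values. Field names are assumptions (keyword fields)."""
    selector = {"bucket_selector": {"buckets_path": {"n": "distinct_suffix"},
                                    "script": "params.n == 2"}}
    return {"size": 0,
            "query": {"terms": {suffix_field: ["mt", "dn"]}},
            "aggs": {"by_num": {"terms": {"field": num_field, "size": 10000},
                                "aggs": {"distinct_suffix": {"cardinality": {"field": suffix_field}},
                                         "delivered": selector}}}}

if __name__ == "__main__":
    print(delivery_status(SAMPLE_LOGS))
```

The bucket_selector keeps only id buckets whose distinct-suffix count is 2; ids with only "mt" are the undelivered ones.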