EVERYTHING IS IN THE CODE. I only want to display the logs containing the pattern toto, but that is impossible because the * query is always enabled, so I see all the logs, as usual.
If in the meantime you have a trick that lets me modify this query myself to remove the * field, that would be cool.
Everything is in the code below. I only want to display the pattern "toto", but I cannot because the query * is still active; consequently my table displays all the events as usual.
Best regards.
"query": {
  "filtered": {
    "query": {
      "bool": {
        "should": [
          {
            "query_string": { // WTF
              "query": "*"
            }
          },
          {
            "query_string": {
              "query": "@message:\"toto\""
            }
          }
        ]
      }
    },