Filter is not working while using @log_group in AWS

mfolivas · October 14, 2019, 6:45pm

I need to be able to do a filter on the @log_group but I get zero hits when doing it. When I do it with the filter, I do get hits. I figured that I am probably not this in this correct. The @log_group is set to be:
"@log_group" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},

Below is my query:

GET /logs-2019.09.24/_search
{
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"match": {
"event": "Incoming Event Requests:"
}
},
{
"match": {
"@log_group": "/aws/lambda/De-Lorean-prod-event-handler"
}
},
{
"match": {
"@message": "101c5944-28a1-4827-b3c6-11349f58b809"
}
}
]
}
}
],
"filter": {
"term": {
"@log_group": "/aws/lambda/De-Lorean-prod-event-handler"
}
}
}
}
}

mfolivas · October 14, 2019, 9:41pm

The query that I want to do is exactly as in the Kibana saved code:
{
"index": "9bfc2e10-775d-11e9-b3aa-959aec02508a",
"highlightAll": true,
"version": true,
"query": {
"query": ""driveitaway" AND "Incoming Event Requests" AND "service-ended"",
"language": "lucene"
},
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"index": "9bfc2e10-775d-11e9-b3aa-959aec02508a",
"key": "@log_group",
"negate": false,
"params": {
"query": "/aws/lambda/De-Lorean-prod-event-handler",
"type": "phrase"
},
"type": "phrase",
"value": "/aws/lambda/De-Lorean-prod-event-handler"
},
"query": {
"match": {
"@log_group": {
"query": "/aws/lambda/De-Lorean-prod-event-handler",
"type": "phrase"
}
}
}
}
]
}

system · November 11, 2019, 9:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.