Help in Query (possible sub-query ?)

Hi ,

I have some documents like this and I have no clue on querying the documents without using a
subquery.

{ request-id : 1234 , status : error }
{ request-id : 1234 , error-info : system }
{ request-id : 12345 , status : error }
{ request-id : 123456 , status : error }

In the above , there are documents with indicates some error but it could be an error by system or
internal error which has no error-info.

I trying to get the query to get the count of only documents which has error status from system ? From above , request-id with 1234 is matched and count is 1. The problem is see is that when filter
documents with status as "error" and error-info "system" , the documents with any other "error"
also gets in the way. Is there a way to do like SQL , "select reques-id whose status = "error" and erro-info = system"

Hi @saz.

Yes you can implement as SQL.

Thanks
HadoopHelp

Thank you .. we don't have xpack to use it. Is that the only way to query such data ?

Hi @saz.

Please try with this :-
{ "query": { "bool": { "must": [ { "term": { "status .keyword": { "value": "error", "boost": 1 } } }, { "term": { "erro-info.keyword": { "value": "system", "boost": 1 } } } ] } } }

i hope this will work in your use case!!!

Thanks
HadoopHelp

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.