puts "****************************************************"
puts "* This program will search Elastic Search Cloud *"
puts "* based on a single field name and a single value *"
puts "* for the given field name *"
puts "****************************************************"
puts
puts "Which field name in Elasticsearch would you like to search on?"
field_name = gets.chomp
#
puts "What value for [" + field_name + "] would you like to search for?"
field_value = gets.chomp
#
puts
puts "Searching for '" + field_value + "' in [" + field_name + "]"
puts
#######################################
# MAIN CODE BODY
#######################################
response = es.search index: 'filebeat-*',
                     scroll: '1m',
                     body: {
                       query: {
                         bool: {
                           must: [
                             { match: { "event.id": "CLAPr91aCeIQsNNS04" } }
                           ]
                         }
                       }
                     }

Good Morning Everyone ... this code works just fine if I hard code the field and value in the match statement. For the life of me I cannot sort out how to get field_name and field_value (obtained from user input at the beginning of the code) inserted into the match statement ...
It's likely something super simple and I am just missing it ...
Appreciate any feedback ... thanks so much!
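
An added example, not part of the original post: one way to put `field_name` and `field_value` into the match clause is the hash-rocket form (`field => value`), since `"event.id":` is a literal symbol key and cannot take a variable. Because the field name comes from user input, the sketch checks it against an allowlist first; `ALLOWED_FIELDS`, `build_search_request` and `search_by_field` are hypothetical names, and the two extra field names are constructed samples.

```ruby
require 'json'

# Hypothetical allowlist of fields a user may search on (constructed sample;
# only "event.id" appears in the original post).
ALLOWED_FIELDS = %w[event.id host.name source.ip].freeze

# Build the arguments for es.search from user-supplied input.
# The value is passed as data to a match query, which does not parse
# query-string operators, so only the field name needs an allowlist check.
def build_search_request(field_name, field_value, index: 'filebeat-*')
  field = field_name.to_s.strip
  value = field_value.to_s.strip

  unless ALLOWED_FIELDS.include?(field)
    raise ArgumentError, "field not allowed: #{field.inspect}"
  end
  raise ArgumentError, 'value must not be empty' if value.empty?

  {
    index: index,
    scroll: '1m',
    body: {
      query: {
        bool: {
          must: [
            # Hash rocket lets a variable act as the key.
            { match: { field => value } }
          ]
        }
      }
    }
  }
end

# es is assumed to be an already configured Elasticsearch client,
# as in the original post.
def search_by_field(es, field_name, field_value)
  es.search(build_search_request(field_name, field_value))
end

if __FILE__ == $PROGRAM_NAME
  # Shows the JSON body that would be sent for the post's sample values.
  request = build_search_request('event.id', 'CLAPr91aCeIQsNNS04')
  puts JSON.pretty_generate(request[:body])
end
```

In the original script this would be called as `response = search_by_field(es, field_name, field_value)` after the two `gets.chomp` lines.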