How to combine ES query


(ganeshbabu) #1

Hi All,

I am using Elasticsearch 5.6.4 version for my application and I want to write ES query for the following use case,

Let’s say I have an index in elasticsearch called as “winlogbeat”

From the index I am having one field has “event_id” and it has two values 299 & 500. In during search if I use the event_id 299 I will get the list of site informations and instance_id, if I use the event_id 500 I will get the username & instance_id and important thing is both instance_id are same in the response.

I want to combine these two in single query and find which user has successfully logged in with respect to each site.

Please kindly share any thoughts and it would be very helpful.

Regards,
Ganeshbabu R


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.