I am using Elast Alert for Alerting System which queries ElasticSearch using REST API's for a certain interval of time. But I have a scenario that I need to compare two fields if the values of two fields get matches alert has to be triggered, but elast alert support filter option where we can write query string. I found using bool query along with the script query we can achieve it in elastic search, but how to write a query using query_string for comparing two field values. Please help me out, thanks in advance
1 Like
I do not think you can do that using a query string. One way to do it might be through a scripted field but if you have the adata in the event you could also created a new field at index time that you could use directly.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.