Hi All,
I am using ES 5.1, and here is my curl command to trace the first 100 messages in one index, something like:
"
curl "http://localhost:9200/<my_index>/_search?pretty=1&q=ERROR...&default_operator=AND&_source=path,message,@timestamp&size=..." -d '{
  "query": {
    "match": {
      "message": "<search_key_word>"
    }
  },
  "sort": [ { "@timestamp": { "order": "asc" } } ]
}'
".
And here is a sample of the response I got:
"
{
  "took" : 3,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 1805,
    "max_score" : null,
    "hits" : [
      {
        "_index" : "<my_index_here>",
        "_type" : "jfk",
        "_id" : "AVmNHSzFoBaEjBK5MkUa",
        "_score" : null,
        "_source" : {
          "path" : "...",
          "@timestamp" : "2017-01-11T10:40:13.903Z",
          "message" : "FAILED for reason 1 ... "
        },
        "sort" : [
          1484131213903
        ]
      },
      ....
      {
        "_index" : "<my_index_here>",
        "_type" : "jfk",
        "_id" : "AVmNHSzFoBaEjBK5MkU1",
        "_score" : null,
        "_source" : {
          "path" : "...",
          "@timestamp" : "2017-01-11T10:40:13.903Z",
          "message" : "FAILED for reason X... "
        },
        "sort" : [
          1484131213903
        ]
      }
    ]
  }
}
"
The question I have is: what would the query be so that, in the response, the value of the "message" part is unique? I have googled for a while, but still no luck.
I would appreciate it if someone could help with that. Thanks a lot.
Chun