Hi,
I am using ELK GA 5.0.0. I have created a line chart with Count in Y-Axis and X-Axis>Aggregation>Date Histogram. Then I did Split Lines>Sub Aggregation>Filters and gave filter !error:ERR0|ERR1. My requirement is to display logs whose error field doesnot contain both ERR0 and ERR1. It may conatin other values like ERR1, ERR2 etc. My question is, which one is the right filter? !error:ERR0&ERR1 or !error:ERR0|ERR1? Or is there some other way?
Thanks in advance..
There are a number of different ways to accomplish this with the query syntax. I'm particularly fond of using the boolean operators instead or AND/OR. I would write your query like this:
error:(-ERR0 -ERR1)
This essentially says, get all docs where the error field is not ERR0 and it is also not ERR1.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.