How to set filter to check for multiple conditions?

Aswin_Francis · November 14, 2017, 5:52am

I want to add a filter to my existing saved search where I want hide message based on source_name and event_id. So basically if source_name=Microsoft-Windows-Perflib and event_id=1008 then it should display on the discover page.
{
"query": {
"match": {
"source_name": {
"query": "Microsoft-Windows-Perflib",
"type": "phrase"
}
}
}
}

The above filter i added just uses the source name. Can some one help me add filter based on two conditions? I am not given a lot of time to sort few things and i might add more questions as i work in this

amolagnihotri · November 14, 2017, 7:00am

You can try this ...

{
"query": {
"bool": {
"should": [
{"match": {"source_name": {"query": "Microsoft-Windows-Perflib", "type": "phrase"} } },
{"match": {"source_name": {"query": "event_id=1008", "type": "phrase"} } }
]}
}
}

Aswin_Francis · November 14, 2017, 7:07am

Thank you so much!!! Does Kibana have a list of generic windows error that can be ignored instead of manually creating filter?

Aswin_Francis · November 14, 2017, 12:34pm

Andi think you meant:
{
"query": {
"bool": {
"should": [
{"match": {"source_name": {"query": "Microsoft-Windows-Perflib", "type": "phrase"} } },
{"match": {"event_id": {"query": "1008", "type": "phrase"} } }
]}
}
}

system · December 12, 2017, 12:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana: Create tag or field based on conditional query Kibana	2	1343	July 6, 2017
Kibana visualize filter Kibana	5	6791	December 15, 2017
How to implement multiple keywords in filter in Kibana Kibana	2	2078	March 9, 2017
Filtering for multiple values of a single field Kibana	4	38100	September 18, 2017
Add filter for Elastic rules Kibana	2	317	June 27, 2023

How to set filter to check for multiple conditions?

Related topics