How to set log.file.path in dev tools

Fosiul_Alam · September 4, 2019, 6:41pm

GET filebeat-*/_search
{
   "size":1000,
   "log.file.path":"*logfile.log",
   "query":{
      "bool":{
         "must":{
            "match":{
               "message":"'[COMMAND:LOG]' and '[COMMAND:1]'"
            }
         },
         "filter":{
            "range":{
               "@timestamp":{
                  "gte":"now-15m"
               }
            }
         }
      }
   }
}

I am trying to match only that log file defined in "log.file.path": "*logfile.log",
but it say

{
   "error":{
      "root_cause":[
         {
            "type":"parsing_exception",
            "reason":"Unknown key for a VALUE_STRING in [log.file.path].",
            "line":3,
            "col":20
         }
      ],
      "type":"parsing_exception",
      "reason":"Unknown key for a VALUE_STRING in [log.file.path].",
      "line":3,
      "col":20
   },
   "status":400
}

tylersmalley · September 5, 2019, 6:01pm

What is log.file.path in reference to? Is this a field in your index your wanting to reference or an Elasticsearch setting?

Fosiul_Alam · September 5, 2019, 7:19pm

Hi,
Normally in Kibana discover tools i use this search
log.file.path:CONCOX.log And "[COMMAND:LOG]" AND "[POS:false]"

log.file.path is a filed . example

t input.type	log

t log.file.path /log/CONCOX.log

tylersmalley · September 5, 2019, 8:19pm

For that, the query is going to look more like this:

GET filebeat-*/_search
{
   "size":1000,
   "query":{
      "bool":{
        "filter":[
            {
              "bool":{
                  "should":[
                    {
                        "match":{
                          "log.file.path":"CONCOX.log"
                        }
                    }
                  ],
                  "minimum_should_match":1
              }
            },
            {
              "bool":{
                  "filter":[
                    {
                        "multi_match":{
                          "type":"phrase",
                          "query":"[COMMAND:LOG]",
                          "lenient":true
                        }
                    },
                    {
                        "multi_match":{
                          "type":"phrase",
                          "query":"[POS:false]",
                          "lenient":true
                        }
                    }
                  ]
              }
            }
        ]
      }
   }
}

Here are the docs for the query DSL: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-filter-context.html

system · October 3, 2019, 8:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.