How to write two queries in kibana search bar

vikas_gopal · November 27, 2015, 5:20am

Hi Experts,

I have a very basic requirement but I am struggling to achieve it. In Kibana I want to search all the logs where baseEventIds filed is not Null and priority should be "High" OR "VeryHigh".

Individually both the searches are working fine
To check not null I am using following and it is working fine
{"constant_score":{"filter":{"exists":{"field":"baseEventIds"}}}}
To check priority I am using following and it is working fine too
priority:"High" OR priority:"VeryHigh"

Kibana is not allowing me to combine both the queries in the search bar.I am trying
{"constant_score":{"filter":{"exists":{"field":"baseEventIds"}}}} AND priority:"High" OR priority:"VeryHigh"

is it because of syntax error ? I almost tried all the options ,Please suggest how i can achieve this ?

german23 · November 27, 2015, 7:09am

The quick&dirty solution would be:

baseEventIds:* AND (priority:High OR priority:VeryHigh)

vikas_gopal · November 27, 2015, 8:10am

Wow!! thanks German23 ,yes you are right it was quick and simple , not sure why you called it Dirty .

BTW I tried and it works too

{"constant_score" : { "filter" : {"bool" : {"should" : [{ "term" : {"priority" : "High"}}, {"term" : {"priority" : "VeryHigh"}}],"must" : {"exists":{"field":"baseEventIds"}}}}}}

Thanks
VG

SuperPringles · November 27, 2015, 9:28am

It often helps to think of it like SQL queries

vikas_gopal · November 27, 2015, 9:30am

I agreed SuperPringles.