Include filter from different modules

Hi

I am trying to create a graph to show number of people hitting our internal environments.

Version : ELK 7.2

Here I have installed filebeat on both Linux and windows environments.
For windows I am using IIS module.
For Linux I am using apache module.

Now I'm creating a single graph and showing users by split chart. My issue is I want to filter data base on the url access but data coming from Linux and Windows is different and I cant find a common value between these two.

Linux
I can filter data by "url.original" is one of the following

image.png940×395 25.2 KB

Windows
I can filter data by "url.path" is one of the following.

image.png696×422 24.2 KB

What I can't do is show data where we have both "url.original" and "url.path". If I add two filters the dashboard is empty as expected.

image.png1830×593 13.7 KB

Can we have some condition with filter "X (or) Y" exists. (if $url.path or $url.original) exists. )
Can you please tell me how I can achieve this.

I was able to get it done as a dsl quiery. But it would have been nice I there was an option to select.

{
  "query": {
    "bool": {
      "should": [
        {
          "match_phrase": {
            "url.path": "/portal/home/"
          }
        },
        {
          "match_phrase": {
            "url.path": "/portal/sharing/rest/portals/self"
          }
        }
		{
          "match_phrase": {
            "url.original": "/portal/home/"
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.