caub
March 1, 2019, 10:57am
1
example:
GET filebeat*/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"stream": "stderr"
}
},
{
"range": {
"@timestamp": {
"gte": "now-24h"
}
}
}
],
"must_not": [
{
"q": "message:Foo+Bar",
"language": "lucene"
}
]
}
}
}
Would something like this be possible?
I know I could convert this lucene syntax in the ES Query DSL, but I'd like to use several queries defined in Lucene syntax, programmatically
dadoonet
March 1, 2019, 11:13am
2
The query string query uses a Lucene syntax if this is what you are looking for.
caub
March 1, 2019, 11:19am
3
Thanks, yes I know I can do ?q=message:Foo+Bar as query string, but I'd like to wrap multiple lucene searches inside a bigger query like above
dadoonet
March 1, 2019, 11:32am
4
Not sure if I got your question right but this?
GET /_search
{
"query": {
"query_string" : {
"query" : "message:Foo+Bar"
}
}
}
Based on doc here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html
caub
March 1, 2019, 11:47am
5
Wow, thanks, that's what I needed
system
March 29, 2019, 11:47am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.