Is there are max number of operators in a query?

Sandra_Schlichting · June 8, 2021, 11:35am

Dear all =)

Ideally would I like to make a search query that contains approx 100 OR operators and 1 AND NOT like so

(logLevel:error OR logLevel:fatal) AND NOT
(searchString1 OR searchString2 OR searchString3 OR  ...  OR searchString100)

where a searchString would typically be simple such as msg:'Could not find ID' but with approx 100 different messages.

I want to find all the errors I don't know how to search for. All the searchString's are error messages I know about, so the purpose of this is to create a "Catch All" =)

Which raises the following questions =)

Is there a max number of operators in a query? 500 would be excellent if possible =)
Will this be CPU heavy on Elastic?
Are there a better way to do it?

Hugs,
Sandra =)

Sandra_Schlichting · June 9, 2021, 12:27pm

I have found a better way to do it. Each document have the unique _id which I can use to delete duplicates.

system · July 7, 2021, 12:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.