Hi all
I am using the following input in a Logstash conf file to check matching of a field.
input {
  elasticsearch {
    hosts => ["http://localhost:9200/"]
    index => "log*"
    query => '{
      "query": {
        "bool" : {
          "must" : {
            "match": { "request.type": "1"},
            "match": { "request.type": "2"}
          },
          "filter" : {
            "range" : { "timestamp" : { "gte": "now-1d/d", "lte": "now-1d/d"}}
          }
        }
      },
      "sort": [ "_doc" ]
    }'
  }
  exec { command => "/bin/true" interval => 864000 }
}
But running it leads to the following error in Logstash, and it cannot be started:
Error: [500] {"error":{"root_cause":[{"type":"json_parse_exception","reason":"Duplicate field 'match'\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@4770f542; line: 6, column: 26]"}],"type":"json_parse_exception","reason":"Duplicate field 'match'\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@4770f542; line: 6, column: 26]"},"status":500}
Actually, I want to filter events whose request.type field value is 1 or 2.
Any help will be much appreciated.
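
An added example, not part of the original post: a strict JSON check that reproduces the "Duplicate field 'match'" condition before a query body is pasted into the Logstash config, run over the posted query and over one assumed rewrite. The `should` / `minimum_should_match` form and the function names are assumptions made here for illustration.

```python
import json

# Query body from the post: two "match" keys inside the single "must" object.
BROKEN_QUERY = '''{
  "query": { "bool": {
    "must": {
      "match": { "request.type": "1" },
      "match": { "request.type": "2" }
    },
    "filter": { "range": { "timestamp": { "gte": "now-1d/d", "lte": "now-1d/d" } } }
  } },
  "sort": [ "_doc" ]
}'''

# Assumed rewrite: each clause is its own object in a "should" array (OR).
# minimum_should_match is set explicitly because it defaults to 0 when the
# bool query also carries a "filter" clause.
FIXED_QUERY = '''{
  "query": { "bool": {
    "should": [
      { "match": { "request.type": "1" } },
      { "match": { "request.type": "2" } }
    ],
    "minimum_should_match": 1,
    "filter": { "range": { "timestamp": { "gte": "now-1d/d", "lte": "now-1d/d" } } }
  } },
  "sort": [ "_doc" ]
}'''

def find_duplicate_keys(text):
    """Return every key that is repeated inside one JSON object."""
    duplicates = []
    def hook(pairs):
        seen = set()
        for key, _ in pairs:
            if key in seen:
                duplicates.append(key)
            seen.add(key)
        return dict(pairs)
    json.loads(text, object_pairs_hook=hook)
    return duplicates

def lenient_must_clause(text):
    """What a lenient parser keeps: the last duplicate silently wins."""
    return json.loads(text)["query"]["bool"]["must"]

if __name__ == "__main__":
    print("broken:", find_duplicate_keys(BROKEN_QUERY))
    print("fixed: ", find_duplicate_keys(FIXED_QUERY))
    print("lenient parse keeps:", lenient_must_clause(BROKEN_QUERY))
```

Python's default parser accepts the posted query and keeps only the `"2"` clause, which is why a duplicate key can pass a casual local check and still be rejected by Elasticsearch.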