Logstash "Duplicate field 'match'

sahere37 · July 13, 2021, 10:42am

Hi all
I am using following input in logstash conf file to checking matching of a field.

input {
elasticsearch {
hosts => ["http://localhost:9200/"]
index => "log*"
query => '{
		"query": { 
		      "bool" : {
		          "must" : {
		                "match": { "request.type": "1"},
		                "match": { "request.type": "2"}

		             },
				   "filter" : { 
                        "range" : {   "timestamp" : { "gte": "now-1d/d", "lte": "now-1d/d"}} 
				   }
		      }

		}, 
		"sort": [ "_doc" ] 
	}'
}
 exec { command => "/bin/true" interval => 864000 } 
}

but running it leading to following error in logstash and cannot be started:

Error: [500] {"error":{"root_cause":[{"type":"json_parse_exception","reason":"Duplicate field 'match'\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@4770f542; line: 6, column: 26]"}],"type":"json_parse_exception","reason":"Duplicate field 'match'\n at [Source: org.elasticsearch.transport.netty4.ByteBufStreamInput@4770f542; line: 6, column: 26]"},"status":500}

actually i want to filter events that their request.type field value is 1 or 2.
any help will be so appreciated

system · August 10, 2021, 10:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can i check data of mapping field in elasticsearch with logstash Logstash	6	1100	April 15, 2018
Problem with duplicate data in field Logstash	3	2060	August 10, 2017
Error when using elasticsearch logstash filter Logstash	2	348	May 6, 2022
Failed to query elasticsearch for previous event Logstash	1	1784	July 6, 2017
Field name duplicate with file conf and json doc Logstash	7	2066	July 6, 2017

Logstash "Duplicate field 'match'

Related Topics