I am using the following filter to limit the number of windows services displayed on a Kibana Dashboard:
{
"query": {
"bool": {
"should": [
{
"match_phrase": {
"windows.service.name": "lmhosts"
}
},
{
"match_phrase": {
"windows.service.name": "sppsvc"
}
},
{
"match_phrase": {
"windows.service.name": "UmRdpService"
}
},
{
"match_phrase": {
"windows.service.name": "QWAVE"
}
},
etc.
Is it possible to match this functionality with a Logstash filter? (I am very new to elasticsearch)
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.