Managing queries in Elasticsearch Logstash filter plugin

dadoonet · July 27, 2018, 10:55am

Yes. It's by default sorted on _score.

If you wish to pass a more complex query, use a query_template.

I shared an example here:

elasticsearch {
  query_template => "search-by-name.json"
  index => ".bano"
  fields => {
    "location" => "[location]"
    "address" => "[address]"
  }
  remove_field => ["headers", "host", "@version", "@timestamp"]
}

{
  "size": 1,
  "query":{
    "bool": {
      "should": [
        {
          "match": {
            "address.number": "%{[address][number]}"
          }
        },
        {
          "match": {
            "address.street_name": "%{[address][street_name]}"
          }
        },
        {
          "match": {
            "address.city": "%{[address][city]}"
          }
        }
      ]
    }
  }
}

Topic		Replies	Views
Elasticsearch query sort order index Logstash	4	548	July 24, 2018
How to query elasticsearch and take some fields from old data Logstash	3	7660	March 17, 2017
[filter elasticsearch] sort query Logstash	1	943	July 6, 2017
Elasticsearch template in Logstash doesn't mapping and not able to sort fields Logstash	1	316	January 28, 2021
Elasticsearch input query with sorting Logstash	1	670	May 20, 2020

Managing queries in Elasticsearch Logstash filter plugin

Related topics