Multi match equal both fields

seefor · January 18, 2021, 6:56pm

New to elastic search
I have the following search, which works great but I would like to only return when both "result.confidence", "result.severity" = HIGH instead of when either equal HIGH

    {
  "size": 10000, 
    "query": {
      "bool": {
        "filter": [
          {
        "multi_match": {
        "query": "HIGH",
        "fields": ["result.confidence", "result.severity"]
      }
      },
      {
                    "range" : {
            "@timestamp": {
                "gte" : "now-1h",
                "lt" :  "now"
            }
        }
    
          }
        ]
      }
    }
}

seefor · January 18, 2021, 7:32pm

I found the solution, I will post it here in case someone else needs it

{
  "size": 10000, 
    "query": {
        "bool": {
            "must": [
                {
                    "match": {
                       "result.confidence": "HIGH"
                    }
                },
                {
                    "match": {
                       "result.severity": "HIGH"
                    }
                },
                        {
          "range": {
            "@timestamp": {
              "gte": "now-1h",
              "lt": "now"
            }
          }
        }
            ]
        }
    }
}

system · February 15, 2021, 7:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.