Multipe terms and date range

hi, i try to run this query

curl -H 'Content-Type: application/json' -XGET 'http://10.42.97.15:9200/project.prod-esb.*/_search?q=logLevel:AUDIT&pretty=true' -d @payload.in
{  
    "_source":["logMessage"],
    "query": {
          "range":{ 
              "@timestamp":{ 
                 "gte":1553068800,
                 "lte":1553069100,
                 "format":"epoch_millis"
              }
            "term": {
                "term":{"kubernetes.container_name":"ordersubmission-bs-v2"}
              }
           }
    }
}

But i got error, it said can't use multipe filter. Is there anything wrong with my query? if yes then how it should be look like?

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

You should combine all your queries within a bool query under a must array.
Also the q=logLevel:AUDIT should be replaced by a query_string query that you would also put inside the must array. Or a match query.

See https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html for more details about bool queries.

Thanks for the correction dadoo. I have try with this query

{
  "query": {
    "bool" : {
      "must" : {
        "term":{"kubernetes.container_name":"ordersubmission-bs-v2"},
        "range":{ 
              "@timestamp":{ 
                 "gte":1553068800,
                 "lte":1553069100,
                 "format":"epoch_millis"
              }
          }
    }
  }
}
}

But it return malformed query : expected [END_OBJECT] but found [FIELD_NAME]

kindly need your help to check if i miss something here

Try:

GET test/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "kubernetes.container_name": "ordersubmission-bs-v2"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": 1553068800,
              "lte": 1553069100,
              "format": "epoch_millis"
            }
          }
        }
      ]
    }
  }
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.