hello,
How to query easily ? Is any tool to help to implement the query ?
I've success to query on a range time but I would like to add a condition on a message pattern...
How to do that ? I've tried something like this :
{ "query": { "bool" : { "filter": { "term" : { "message" : "*my string*" } }, "must" : { "range" : { "@timestamp" : { "gte" : "now-10m", "lt" : "now" } } } }}
}
is any help to add condition in my query ?
First, prefix wildcards are a performance killer. I would refrain from using it. In the above example there is no wildcard needed.. you could just search for my AND string using a match query. Keep in mind that this works differently than SQL.
Also, you probably want to move the range part in the filter part of a boolean query and move the match query into the must part in order to apply scoring.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.