Nested/hierarchical Elasticsearch query syntax?

jlixfeld · May 25, 2018, 8:04pm

Hey there,

I'm having a hard time wrapping my head around Elasticsearch search syntax in Kibana.

I have created this filter that works:

{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "flow.src_addr": "10.0.0.0/24"
          }
        },
        {
          "match": {
            "flow.dst_addr": "10.0.0.0/24"
          }
        },
        {
          "match": {
            "flow.src_addr": "10.0.1.0/24"
          }
        },
        {
          "match": {
            "flow.dst_addr": "10.0.1.0/24"
          }
        }
      ]
    }
  }
}

What I'm trying to do is simplify that syntax to the Elasticsearch equivalent of something along the lines of:

((flow.dst_addr OR flow.src_addr) AND (10.0.1.0/24 OR 10.0.3.0/24 OR 10.0.3.0/24 OR 10.13.18.0/24 OR ... etc))

Is that possible?

Christian_Dahlqvist · May 26, 2018, 5:30am

Assuming you IP fields are mapped as type ip, you should be able to use a term query to do what you are looking for.

system · June 23, 2018, 5:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nested query with filters Elasticsearch	2	4001	November 28, 2018
Need help with Elasticsearch query on Kibana Elasticsearch	2	290	November 2, 2020
Custom filter in kibana discover Kibana	5	4237	January 15, 2018
Canvas - How to do a nested Query? Kibana	3	930	May 3, 2019
Need help with Query. I use kibana sucessfully but I don't know how build my query in json Elasticsearch	1	482	September 29, 2017

Nested/hierarchical Elasticsearch query syntax?

Related topics