Nested Searching to Get Selective Return


(Christopher Hunt) #1

I am dealing with logs from a website, both traffic and error logs, and am attempting to get all traffic log documents (with "TrafficLog" as the message) to return that have the same IP as any error logs (all logs that do not have "TrafficLog" in the message) that have been generated. This is the low-level goal; I am trying to see how these types of things would work in Elasticsearch. I know the below search DSL structure is badly mutated, but is there a way to do a search something like this?

GET _search
{
  "query": {
    "match": {
      "@fields.ip": {
        "bool": {
          "should": [
            {
              "_source": {
                "includes": ["@fields.ip"]
              },
              
              "query": {
                "bool": {
                  "must_not": [
                    {"field": { "message": "TrafficLog"}}
                  ]
                }
              }
        
            },
            {
              "query": {
                "bool": {
                 "must": [
                   {"field": { "message": "TrafficLog"}}  
                  ]
                }
              }
            }
          ]
        }
      }
    }
  }
}
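
Elasticsearch has no join, so the "traffic documents whose IP appears in any error document" question is answered in two round trips: a first search that collects the distinct IPs of the non-TrafficLog documents (as a terms aggregation, with no hits returned), and a second search that filters TrafficLog documents by a terms query on that IP list. The script below is an added example written for this thread, not code from the original post; the index name `weblogs`, the field names `message` and `@fields.ip` (assumed mapped as `ip` or `keyword` so the terms query matches exactly), and the sample documents are all assumptions. It builds both query bodies, shows a stdlib-only `_search` call, and includes an in-memory reference version of the same logic over constructed sample logs so the expected result can be checked offline.

```python
"""Two-step join in Elasticsearch (added example, not the original poster's code):
step 1 collects the IPs of every document whose message is not TrafficLog,
step 2 fetches the TrafficLog documents for exactly those IPs.
Index name, field names and sample documents are assumptions."""
import json
import urllib.request

INDEX = "weblogs"          # assumed index name
IP_FIELD = "@fields.ip"    # assumed to be mapped as `ip` or `keyword`
MSG_FIELD = "message"
TRAFFIC_MARKER = "TrafficLog"


def error_ip_query(max_ips=10000):
    """Step 1: size 0 (no hits), just the distinct IPs of non-TrafficLog docs.
    A terms aggregation returns at most `size` buckets; raise it, or switch to
    a composite aggregation, if the error set can exceed that."""
    return {
        "size": 0,
        "query": {"bool": {"must_not": [{"match": {MSG_FIELD: TRAFFIC_MARKER}}]}},
        "aggs": {"error_ips": {"terms": {"field": IP_FIELD, "size": max_ips}}},
    }


def traffic_for_ips_query(ips):
    """Step 2: TrafficLog docs whose IP is in the list from step 1.
    Both clauses sit in `filter`, so no scoring work is done and the result is cacheable.
    A terms query is limited by index.max_terms_count (default 65536 values)."""
    return {
        "query": {
            "bool": {
                "filter": [
                    {"match": {MSG_FIELD: TRAFFIC_MARKER}},
                    {"terms": {IP_FIELD: sorted(ips)}},
                ]
            }
        }
    }


def ips_from_agg_response(resp):
    """Pull the bucket keys (the IPs) out of a step-1 response body."""
    return {b["key"] for b in resp["aggregations"]["error_ips"]["buckets"]}


def search(base_url, body):
    """POST a query body to /<INDEX>/_search using only the standard library."""
    req = urllib.request.Request(
        f"{base_url}/{INDEX}/_search",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as r:
        return json.load(r)


def join_traffic_to_errors(base_url):
    """Run both steps against a live cluster, e.g. join_traffic_to_errors('http://localhost:9200')."""
    ips = ips_from_agg_response(search(base_url, error_ip_query()))
    if not ips:               # an empty terms list would match nothing anyway; skip the call
        return []
    return search(base_url, traffic_for_ips_query(ips))["hits"]["hits"]


# Constructed sample documents standing in for an index, so the logic runs offline.
SAMPLE_DOCS = [
    {MSG_FIELD: "TrafficLog", IP_FIELD: "10.0.0.5", "path": "/"},
    {MSG_FIELD: "TrafficLog", IP_FIELD: "10.0.0.6", "path": "/about"},
    {MSG_FIELD: "ErrorLog: 500 on /admin", IP_FIELD: "10.0.0.5"},
    {MSG_FIELD: "TrafficLog", IP_FIELD: "10.0.0.5", "path": "/admin"},
    {MSG_FIELD: "TrafficLog", IP_FIELD: "10.0.0.7", "path": "/login"},
    {MSG_FIELD: "ErrorLog: 404 on /wp-login.php", IP_FIELD: "10.0.0.9"},
]


def is_traffic(doc):
    """Mirror `match` on an analyzed text field: token-level, case-insensitive."""
    return TRAFFIC_MARKER.lower() in doc[MSG_FIELD].lower().split()


def local_join(docs):
    """Reference implementation of the two steps over an in-memory document list."""
    error_ips = {d[IP_FIELD] for d in docs if not is_traffic(d)}
    return [d for d in docs if is_traffic(d) and d[IP_FIELD] in error_ips]


if __name__ == "__main__":
    print(json.dumps(error_ip_query(), indent=2))
    print(json.dumps(traffic_for_ips_query({"10.0.0.5", "10.0.0.9"}), indent=2))
    for hit in local_join(SAMPLE_DOCS):
        print(hit)
```

The `_source` includes from the original attempt are unnecessary here: the aggregation already returns only the IPs, and the second query returns full traffic documents, which is what was wanted. If the error-IP set can grow beyond the terms-query limit, run step 2 in batches of IPs rather than raising the limit.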

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.