Query (must be X) and (must (Z or Y)

tomer · June 1, 2017, 7:45am

I am trying to build a query that a certain term (terminationCause) will be success. And that a different term (clientId) will equal either (OR) X Y or Z (but not A or B)

What I built is (ofcourse this doesn't work):

GET filebeat-*/log/_search
{
  "query": {
      "bool":{
        "must": [
          "should" : [
            {"match" :  {"clientId": "tomer"}}
          ]
        ],
      "must": [
        {"term" : {"terminationCause": "SUCCESS"}}
      ]
      
    }
  }
}

I will be happy for any help on the subject.

Tetrapack · June 1, 2017, 8:05am

GET filebeat-*/log/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "terminationCause": {
              "value": "SUCCESS"
            }
          }
        },{
          "terms": {
            "clientId": [
              "X",
              "Y",
              "Z"
            ]
          }
          
        }
      ]
    }
  }
}

This query will retrieve documents with terminationCause = "SUCCESS" and clientsId equals to X, Y or Z

Then A and B will automatically be avoided.

system · June 29, 2017, 8:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.