Query returns non matching records

ManuMP · August 14, 2019, 10:22am

Hi ,

I am using the following query to identify log entries having the message "DeviceStatus changed to Idle" within a period. But the query also returns the following messages

"Module State is changed to idle ModuleName : PA Previous State Idle"
"Module State is changed to idle ModuleName : PM2 Previous State Idle"

{
"query": {
"bool":{
"must":[
{ "match":{
"Message":"DeviceStatus changed to Idle"
}
},
{ "range":{
"@timestamp":{
"gte":"2019-08-08T13:42:39.307Z",
"lt":"2019-08-08T13:42:40.430Z"
}
}
}
]
}
}
}

What changes should be made to get matching records?

spinscale · August 14, 2019, 10:27am

hey,

note that the default operator for the match query is OR, see https://www.elastic.co/guide/en/elasticsearch/reference/7.3/query-dsl-match-query.html#query-dsl-match-query-boolean

If that is not your issue, please provide a fully reproducible example.

Thanks!

system · September 11, 2019, 10:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.