adhikz
(adhikar)
October 27, 2016, 1:16pm
1
Hi, I have set up my ELK stack and everything seems to be working perfectly in terms of indexing and filtering data that I require.
My log file contains the following:
123 20126254 6718 Chicken
1234 20326254 6718 Bread
123 20126254 6718 Chicken
123 20126254 6718 Chicken
12345 20426254 6718 Rice
123456 20526254 6718 apples
123 20126254 6718 Chicken
When I filter the results with grok I get the following output for each line in my log file:
OrderNumber : 123
ProductId: 20126254
ProductType: 6718
ProductName: Chicken
I need some advice on how to go about querying this data in Elasticsearch in order to get specific results.
This is what I would like to do:
Select all OrderNumbers that contain the same productId
Please advise me on how I should go about doing this.
Should I use JSON?
Thanks.
Select all OrderNumbers that contain the same productId
Do you mean "select all documents that have a particular product id (e.g. 20126254)"? Or do you want to select all documents but group them by the product id?
adhikz
(adhikar)
October 27, 2016, 2:14pm
3
When I run this query it should return the following:
Current Data in one index
123 20126254 6718 Chicken
1234 20326254 6718 Bread
12363 20126254 6718 Chicken
12323 20126254 6718 Chicken
12345 20426254 6718 Rice
123456 20526254 6718 apples
12379 20126254 6718 Chicken
After I run the query I would like to see the following result:
123 20126254 6718 Chicken
12363 20126254 6718 Chicken
12379 20126254 6718 Chicken
12323 20126254 6718 Chicken
As you can see above, this will return all OrderNumbers which are different but contain the same ProductId.
OrderNumber : 123
ProductId : 20126254
OrderNumber : 12363
ProductId : 20126254
OrderNumber : 12379
ProductId : 20126254
OrderNumber : 12323
ProductId : 20126254
I hope I explained correctly.
Use the query ProductId:20126254 to get all documents with the product id 20126254.