Querying log data to get unique error messages

N220 · June 26, 2020, 3:37am

Hi ,
Issue: To get unique error messages from the logs available in elastic search.
I have enabled field data as true for text fields.
my query:

{
  "query": {
    "bool": {
      "must": [
        {
          "match_phrase": {
            "message": "Error"
          }
        },
        {
          "match_phrase": {
            "type": "lab_source"
          }
        }
      ]
    }
  },
  "aggs": {
    "log_message": {
      "significant_text": {
        "field": "message",
        "filter_duplicate_text": "true"
      }
    }
  },
  "size": 1000
}

Error messge example: "..... June 16 23:00:00 ..............Error.."
The same error message with different timestamps.
Can anybody help me with the query so that it will return unique error messages and how to get unique text fields?

Thanks !

system · July 24, 2020, 3:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Querying syslog data to fetch unique error messages Elasticsearch	1	429	July 28, 2020
Distinct Values for Phrases Help Elasticsearch	5	905	July 5, 2017
How to get the unique results from ES query Elasticsearch	1	484	February 9, 2017
Noob Help with duplicates Elasticsearch	2	493	April 15, 2017
How to find the number of times a particular log event happened in the ES using query Elasticsearch	1	317	June 27, 2018

Querying log data to get unique error messages

Related topics