Querying log data to get unique error messages

Hi,
Issue: To get unique error messages from the logs available in Elasticsearch.
I have enabled field data as true for text fields.
My query:

{
  "query": {
    "bool": {
      "must": [
        {
          "match_phrase": {
            "message": "Error"
          }
        },
        {
          "match_phrase": {
            "type": "lab_source"
          }
        }
      ]
    }
  },
  "aggs": {
    "log_message": {
      "significant_text": {
        "field": "message",
        "filter_duplicate_text": true
      }
    }
  },
  "size": 1000
}

Error message example: "..... June 16 23:00:00 ..............Error.."
The same error message with different timestamps.
Can anybody help me with the query so that it will return unique error messages and how to get unique text fields?

Thanks!
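Added example (not from the original post): a client-side way to collapse the hits such a query returns, by masking the timestamp that makes otherwise identical error lines distinct and counting the normalized messages. The sample log lines and the timestamp format are constructed to match the "June 16 23:00:00" shape quoted above; on the Elasticsearch side the equivalent is a terms aggregation on a keyword field, which only groups messages that are byte-for-byte identical.

```python
import re
from collections import Counter

# Constructed sample hits (not real data): the same error text repeated with
# different timestamps, plus one line that the query's "Error" filter excludes.
SAMPLE_LOGS = [
    "lab_source June 16 23:00:00 app: Error: connection refused to db",
    "lab_source June 16 23:05:12 app: Error: connection refused to db",
    "lab_source June 17 01:10:45 app: Error: disk quota exceeded",
    "lab_source June 17 01:11:02 app: Error: connection refused to db",
    "lab_source June 17 02:00:00 app: Info: nightly job finished",
]

# Matches "<Month> <day> HH:MM:SS" as in the asker's example; extend for other
# timestamp layouts present in your logs.
TIMESTAMP_RE = re.compile(
    r"\b(?:Jan|Feb|Mar|Apr|May|June?|July?|Aug|Sept?|Oct|Nov|Dec)[a-z]*"
    r"\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\b"
)


def normalize(line: str) -> str:
    """Replace the timestamp with a placeholder so repeats collapse to one key."""
    line = TIMESTAMP_RE.sub("<TS>", line)
    return re.sub(r"\s+", " ", line).strip()


def unique_errors(lines, source="lab_source", needle="Error"):
    """Apply the same two filters as the query's match_phrase clauses, then
    count each normalized message. Returns a Counter of message -> occurrences."""
    counts = Counter()
    for line in lines:
        if source in line and needle in line:
            counts[normalize(line)] += 1
    return counts


if __name__ == "__main__":
    for message, n in unique_errors(SAMPLE_LOGS).most_common():
        print(f"{n:>4}  {message}")
```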
