The query String in Kibana is : system:APC AND host: F12*R2R* AND message:"Turn to Phase [F12P7]"
, and I want to query through Restful API like below:
String bodycontent="{"
+" \"_source\": [\"@timestamp\",\"eqpid\",\"lotid\",\"stageid\"],"
+" \"query\": {"
+" \"bool\":{"
+" \"must\":[{"
+" \"query_string\" : {"
+" \"query\": \"(system:APC) AND (host:F12*R2R*) AND (message:\*Turn to Phase [F12P7]\*)\"}"
+" },{"
+" \"range\":{"
+" \"@timestamp\":{"
+" \"gte\":\""+start+"\","
+" \"lte\":\""+end+"\"}"
+" }"
+ "}]}},"
+" \"sort\" : [{\"@timestamp\" : { \"order\" : \"desc\" }}]"
+"}";
I have tested below code is work(delete AND (message:\*Turn to Phase [F12P7]\*)
):
String bodycontent="{"
+" \"_source\": [\"@timestamp\",\"eqpid\",\"lotid\",\"stageid\"],"
+" \"query\": {"
+" \"bool\":{"
+" \"must\":[{"
+" \"query_string\" : {"
+" \"query\": \"(system:APC) AND (host:F12*R2R*)\"}"
+" },{"
+" \"range\":{"
+" \"@timestamp\":{"
+" \"gte\":\""+start+"\","
+" \"lte\":\""+end+"\"}"
+" }"
+ "}]}},"
+" \"sort\" : [{\"@timestamp\" : { \"order\" : \"desc\" }}]"
+"}";
but HTTP response 500 error code, the message raw data is like below:
XXXXXXXXXXX XXXXX XX XXX
XXXXXXXXXXXXX XX XXXX
XXXXXXXX
XXX Ack=0 Description="No valid MAPId [LGSQ123] exists. Turn to Phase [F12P7]" XXXX
XXXX XXXXXXXXXXXX XXXX
How could I query the specified string in the message?
thanks in advance !