Dear all =)
If I want to search for the following
host:"10.250.11.11" and custom4:"errors occurred"
then match-query and simple-query-string both looks like possible candidates.
I will end up creating Kibana Rules, and since JSON requires use of " it isn't possible to use query-string .
Question 1
GET _search
{
"query": {
"match": {
"host": {
"query": "10.250.11.11"
}
},
"match": {
"custom4": {
"query": "errors occurred"
}
}
}
}
then how can I specify that the two match should be "anded" together?
Question 2
GET /_search
{
"query": {
"simple_query_string" : {
"query": "\"10.250.11.11\" +\"errors occurred\"",
}
}
}
How can I specify that the first string is from field host and the second is from field custom4?
Hugs,
dadoonet
October 22, 2021, 12:57pm
2
You can use bool queries for that.
1 Like
That is super interesting! Thanks =)
So must translates to and I suppose. What about or?
What could I do for the following two?:
host:"10.250.11.11" OR custom4:"errors occurred"
^^
host:"10.250.11.11" AND (custom4:"errors occurred" OR custom3:"timed out"
Excellent. Thanks.
talks about scores. Should I set something so I only get when there are 100% matches?
Iker
October 22, 2021, 3:18pm
6
If you have access to a Kibana instance, you could debug the searches and filters that you specify through the "Inspect" button :
Example Searches:
Example Filters:
1 Like
Perfect. That is great =)
Do you know if there is a REST API where I can give KQL and get Elastic query back?
Iker
October 22, 2021, 4:48pm
8
Not that I'm aware, the only section that shows you both KQL & Query DSL is the Kibana Debiug interface.
1 Like
system
November 19, 2021, 4:49pm
9
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
