Hello , I want to read output for following
SELECT * FROM "alpha-*" where APILog.req.operationName="submitOrder"
but seems it is failing for the APILog.req.operationName . Can we not use that way in SQL ? I have attached screen from kibana the way it looks.
Does the command succeed if you wrap the field name in quotes?
SELECT * FROM "alpha-*" where "APILog.req.operationName"="submitOrder"
Thanks that worked.
One small correction, if I may: if submitOrder is a literal (constant), it should be surrounded by single quotes, not double ones: SELECT * FROM "alpha-*" where "APILog.req.operationName"='submitOrder'.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.