I'm using TL to look at monetary transactions and am able to add two different variables from the same field for a query, like this:
.es(index=somedata*, q='Mode:(02 OR 04)', timefield=Date)
...but I'm having a hard time adding a second field. For example, the string above will give me everything tagged with 02 or 04 in the Mode field. However, I would also like to further filter it to show me only records with a field called BRD containing V but not any other letter.
I believe the q param is just the Lucene query syntax, which means you should be able to use AND in that query, more or less like so:
.es(index=somedata*, q='Mode:(02 OR 04) AND BRD:V', timefield=Date)