Timelion: Multiple Queries in One String

JWR · January 31, 2018, 7:29pm

Hello,

I'm using TL to look at monetary transactions and am able to add two different variables from the same field for a query, like this:

.es(index=somedata*, q='Mode:(02 OR 04)', timefield=Date)

...but I'm having a hard time adding a second field. For example, the string above will give me everything tagged with 02 or 04 in the Mode field. However, I would also like to further filter it to show me only records with a field called BRD containing V but not any other letter.

Any help would be appreciated.

Joe_Fleming · January 31, 2018, 7:42pm

I believe the q param is just the Lucene query syntax, which means you should be able to use AND in that query, more or less like so: .es(index=somedata*, q='Mode:(02 OR 04) AND BRD:V', timefield=Date)

JWR · January 31, 2018, 7:57pm

That was it! I was on that path, but had my quotes in the wrong place. Thank you very much.

JW

Topic		Replies	Views
Timelion syntax Kibana timelion	2	508	April 26, 2018
TimeLion Query for adding in a field from index Kibana timelion	2	358	April 11, 2019
Kibana Timelion: how to query a specific value expression with space Kibana timelion	6	3960	June 7, 2018
Using queries on Timelion Elasticsearch	2	473	September 23, 2018
Query with more than one field Elasticsearch	8	645	August 20, 2020

Timelion: Multiple Queries in One String

Related topics