Here is my current Timelion query. How do I EXCLUDE lines? I'd like to exclude apache log lines that have source.ip ::1 and destination.domain localhost. Thanks.
.es(q='event.dataset:apache.access AND agent.name:server7').label(server7).color(red),
.es(q='event.dataset:apache.access AND agent.name:server8').label(server8).color(green),
.es(q='event.dataset:apache.access AND agent.name:server9').label(server9).color(#0000FF)
.title('Server Requests')
Bueller?
Does this work?
event.dataset:apache.access AND agent.name:server7 AND NOT source.ip:1 AND NOT destination.domain:localhost
Wow that was too easy. Wish it was in the documentation! I spent hours looking for that!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.