Hi
I am trying to return the number of errors reported against a specific application in our stack. The search term I am using is:
  "search" : {
    "request" : {
      "indices" : "development-*",
      "body" : {
        "query" : {
          "bool" : {
            "must" : [
              {
                "match" : { "apigw.log_level" : "ERROR" }
              },
              {
                "match" : {
                  "message" : {
                    "query" : "ab-p-some-api*",
                    "operator" : "and"
                  }
                }
              },
              {
                "match" : { "tags" : "apigw" }
              }
            ],
            "filter" : {
              "range" : {
                "@timestamp" : {
                  "from" : "now-5m",
                  "to" : "now"
                }
              }
            }
          }
        }
      }
    }
  }
},
However, it returns more results than I am expecting, due to the hyphens in the query string being ignored.
Can anyone advise how I make the script check on the exact query string, which will be appended by the API version, hence the * at the end of the ab-p-some-api* string?
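
Added example, not part of the original post: a small Python model of why the `match` query above returns extra hits, next to the ordering rule that Elasticsearch's `match_phrase_prefix` query applies. It assumes `message` is a `text` field with the default standard analyzer (the post does not show the mapping); `analyze` is a simplified stand-in for that analyzer and the sample messages are constructed.

```python
import re

def analyze(text):
    """Simplified stand-in for the standard analyzer (assumption): lowercase
    and split on anything that is not a letter or digit, so '-' and '*'
    never reach the index or the query terms."""
    return re.findall(r"[a-z0-9]+", text.lower())

def match_and(query, message):
    """Model of a match query with operator 'and': every analyzed query
    term must occur somewhere in the message, in any order."""
    doc_terms = set(analyze(message))
    return all(term in doc_terms for term in analyze(query))

def match_phrase_prefix(query, message):
    """Model of match_phrase_prefix: the query terms must be adjacent and
    in order; the last query term only needs to be a prefix of the
    message term found at that position."""
    q, doc = analyze(query), analyze(message)
    if not q:
        return False
    for start in range(len(doc) - len(q) + 1):
        window = doc[start:start + len(q)]
        if window[:-1] == q[:-1] and window[-1].startswith(q[-1]):
            return True
    return False

# Constructed sample log messages (not taken from the post).
MESSAGES = [
    "call to ab-p-some-api-v2 failed with 500",
    "call to ab-p-other-api-v1 failed: some upstream timeout",
    "p-ab api: some error",
]

def hits(matcher, query):
    """Return the sample messages the given matcher accepts."""
    return [m for m in MESSAGES if matcher(query, m)]

if __name__ == "__main__":
    print("match + and        :", hits(match_and, "ab-p-some-api*"))
    print("match_phrase_prefix:", hits(match_phrase_prefix, "ab-p-some-api"))
```

In the model, the `match` query accepts all three messages because only the bag of terms `ab`, `p`, `some`, `api` is checked, while the phrase-prefix rule accepts only the first message.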