Fabry
Reputation: 1650
Elasticsearch api combine range and tags
I have 2 elk working queries:
GET _search
{
"query": {
"range":{
"timestamp":{
"gt": "now-15m"
}
}
}
}
and
GET _search
{
"query": {
"bool" : {
"must" : {
"match" : { "tags" : "mytag" }
}
}
}
}
How can I combine this 2 queries? Basically I want to retrieve all the documents in the last 15 minutes with a tag equals to 'mytag'
Upvotes: 0
Views: 30
Answers (1)
Green
Reputation: 2565
You need to combine both of them using must and filter. When the first give you the tags which you need and the second filter to the given time range. (BTW I went on with your schema but I remember you should look timestamp with @timestamp)
GET _search
{
"query": {
"bool" : {
"must" : {
"match" : { "tags" : "mytag" }
},
"filter":
{
"range": {
"timestamp": {
"gt": "now-15m"
}
}
}
}
}
}
Upvotes: 1
Related Questions
- Elasticsearch add range filter to aggregation
- Elasticsearch how can perform a "TERMS" AND "RANGE" query together
- ElasticSearch - Aggregation + Range + Term query
- Elastic Search combination of Range and Term filters
- elasticsearch range and term filter
- Use 2 different ranges in Elasticsearch
- term and range filters together in an elasticsearch query
- Elasticsearch: Mixing terms and ranges in post filter
- Elasticsearch multiple range filters on same field
- elasticsearch - "range" and "terms" together is not possible?