由于我新的Kibana/弹性我需要帮助Kibana搜索查询/观察器与以下参数。
((condition11 and condition 12 and condition 13) and (condition21 and condition22))即((AppName and errorMesg1 and log_level) and (app2 and logMessage))
((App1 AND 'Not_Found 404' AND 'ERROR') AND (App2 AND 'RetryCount is 6.Publsihing message to DLQ'))我在下面试过了,但没有任何结果。请告诉我哪里缺少查询
bool:{
should:[
{match_phrase: {appName: "abc"}},
{match_phrase: {log_level: "ERROR"}},
{match_phrase: {ErrorMessage: "Not_Found 404"}},
]},
bool:{
should:[
{match_phrase: {appName: "xyz"}},
{match_phrase: {LogMessage: "RetryCount is 6.Publsihing message to DLQ"}},
]}
1条答案
按热度按时间hrirmatl1#
我相信更好的选择是把“应该”改成“必须”。子句必须就像和。