Home > database >  How to create a filter on 2 fields in an alias?
How to create a filter on 2 fields in an alias?

Time:03-23

I am looking to create an alias of an index that would retrieve information according to one of 2 filters. One or the other, an "OR" in fact.

For example:

PUT .internal.alerts-security.alerts-jse-000001/_alias/.alerts-security.alerts-global-overview {
  "filter": {
    "terms": {
      "data_stream.namespace": [
        "etu"
      ]
    }
  }  
}

or

PUT .internal.alerts-security.alerts-jse-000001/_alias/.alerts-security.alerts-global-overview {
  "filter": {
    "terms": {
      "agent.name": [
        "ec6b600226d0",
        "b26a7b13a8bd"
      ]
    }
  }
}

Thanks in advance for your help

CodePudding user response:

Simply use a bool/should constraint between the two filters:

PUT .internal.alerts-security.alerts-jse-000001/_alias/.alerts-security.alerts-global-overview
{
  "filter": {
    "bool": {
      "minimum_should_match": 1,
      "should": [
        {
          "terms": {
            "agent.name": [
              "ec6b600226d0",
              "b26a7b13a8bd"
            ]
          }
        },
        {
          "terms": {
            "data_stream.namespace": [
              "etu"
            ]
          }
        }
      ]
    }
  }
}

Page link:https//www.codepudding.com/database/344731.html

Prev:Flutter - create a Ratings Summary or use package
Next:Exclude a field from search results by another field on elasticsearch?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding