Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

How to create a filter on 2 fields in an alias?

byMR
March 22, 2022

I am looking to create an alias of an index that would retrieve information according to one of 2 filters. One or the other, an "OR" in fact.

For example:

PUT .internal.alerts-security.alerts-jse-000001/_alias/.alerts-security.alerts-global-overview {
  "filter": {
    "terms": {
      "data_stream.namespace": [
        "etu"
      ]
    }
  }  
}

or

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel 

PUT .internal.alerts-security.alerts-jse-000001/_alias/.alerts-security.alerts-global-overview {
  "filter": {
    "terms": {
      "agent.name": [
        "ec6b600226d0",
        "b26a7b13a8bd"
      ]
    }
  }
}

Thanks in advance for your help

>Solution :

Simply use a bool/should constraint between the two filters:

PUT .internal.alerts-security.alerts-jse-000001/_alias/.alerts-security.alerts-global-overview
{
  "filter": {
    "bool": {
      "minimum_should_match": 1,
      "should": [
        {
          "terms": {
            "agent.name": [
              "ec6b600226d0",
              "b26a7b13a8bd"
            ]
          }
        },
        {
          "terms": {
            "data_stream.namespace": [
              "etu"
            ]
          }
        }
      ]
    }
  }
}
byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading