Elasticsearch direct queries
Search for entries from the Logstash host UA-web1 whose message includes «Data» and does not include «censored», returning only the «path» field:
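# "must" requires both the host and message matches; "must_not" drops entries containing "censored"; "fields" limits the output to path
curl -XGET 'http://localhost:9200/logstash-2016.03.22/_search?pretty=true' -d '{ "query": { "bool": { "must": [ { "match": { "host": "UA-web1" } }, { "match": { "message": "Data" } } ], "must_not": { "match": { "message": "censored" } } } }, "fields": "path" }'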