I'm trying to filter records based on multiple HTTP paths and methods, such as /api/v1/users
with GET
and /api/v1/product
with POST
for a specific CallerId. However, with the current query I'm using, I'm only retrieving records for one path.
"query": {
"bool": {
"must": [
{
"match_phrase": {
"data.Identity.CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307"
}
},
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/product"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "POST"
}
}
]
}
},
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/users"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "GET"
}
}
]
}
}
],
"minimum_should_match": 1
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"from": 0,
"size": 10
}```
The query you have just works fine. Maybe because of the size: 10
the only result you see related to some specific path like data.RequestInfo.Path.keyword
. Check the following example.
POST _bulk
{ "index": { "_index": "http_requests", "_id": "1" } }
{ "data": { "Identity": { "CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307" }, "RequestInfo": { "Path": "/api/v1/users", "HttpMethod": "GET" } } }
{ "index": { "_index": "http_requests", "_id": "2" } }
{ "data": { "Identity": { "CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307" }, "RequestInfo": { "Path": "/api/v1/product", "HttpMethod": "POST" } } }
{ "index": { "_index": "http_requests", "_id": "3" } }
{ "data": { "Identity": { "CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307" }, "RequestInfo": { "Path": "/api/v1/orders", "HttpMethod": "POST" } } }
GET http_requests/_search
{
"query": {
"bool": {
"must": [
{
"match_phrase": {
"data.Identity.CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307"
}
},
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/product"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "POST"
}
}
]
}
},
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/users"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "GET"
}
}
]
}
}
],
"minimum_should_match": 1
}
}
]
}
},
"from": 0,
"size": 10,
"aggs": {
"NAME": {
"terms": {
"field": "data.RequestInfo.Path.keyword"
}
}
}
}