Search for multiple exact HTTP paths and methods
I'm trying to filter records based on multiple HTTP paths and methods, such as /api/v1/users with GET and /api/v1/product with POST for a specific CallerId. However, with the current query I'm using, I'm only retrieving records for one path.
"query": {
"bool": {
"must": [
{
"match_phrase": {
"data.Identity.CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307"
}
},
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/product"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "POST"
}
}
]
}
},
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/users"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "GET"
}
}
]
}
}
],
"minimum_should_match": 1
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"from": 0,
"size": 10
}```
Solution
The query you have just works fine. Maybe because of the size: 10 the only result you see related to some specific path like data.RequestInfo.Path.keyword. Check the following example.
POST _bulk
{ "index": { "_index": "http_requests", "_id": "1" } }
{ "data": { "Identity": { "CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307" }, "RequestInfo": { "Path": "/api/v1/users", "HttpMethod": "GET" } } }
{ "index": { "_index": "http_requests", "_id": "2" } }
{ "data": { "Identity": { "CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307" }, "RequestInfo": { "Path": "/api/v1/product", "HttpMethod": "POST" } } }
{ "index": { "_index": "http_requests", "_id": "3" } }
{ "data": { "Identity": { "CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307" }, "RequestInfo": { "Path": "/api/v1/orders", "HttpMethod": "POST" } } }
GET http_requests/_search
{
"query": {
"bool": {
"must": [
{
"match_phrase": {
"data.Identity.CallerId": "9C51E5FC-761E-4D54-82B9-6D41C9189307"
}
},
{
"bool": {
"should": [
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/product"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "POST"
}
}
]
}
},
{
"bool": {
"must": [
{
"match_phrase": {
"data.RequestInfo.Path": "/api/v1/users"
}
},
{
"match_phrase": {
"data.RequestInfo.HttpMethod": "GET"
}
}
]
}
}
],
"minimum_should_match": 1
}
}
]
}
},
"from": 0,
"size": 10,
"aggs": {
"NAME": {
"terms": {
"field": "data.RequestInfo.Path.keyword"
}
}
}
}
- bucket_script inside filter aggregation throws error
- Elasticsearch delete_by_query version conflict
- Case insensitive exact match in ElasticSearch
- How do I enable remote access/request in Elasticsearch 2.0?
- Fluent-bit - Splitting json log into structured fields in Elasticsearch
- Elasticsearch Devtools Queries (Regexp/Wildcard) - Not Working
- Elastic Search Analyzer at search time not working
- Elasticsearch 7.2.0: master not discovered or elected yet, an election requires at least X nodes
- Create TermsQuery with List<String> using elasticsearch java api client
- Elasticsearch: Use loop in Painless script
- How can I check nulls in Logstash pipeline in filter plugin?
- How to input a JSON file (array form) in Logstash?
- OpenTelemetry Export to Elastic Search without Elastic APM
- Can't connect to Elasticsearch with Node.Js on Kubernetes (self signed certificate in certificate chain)
- trying to pass params to elasticsearch getting null_pointer_exception
- 'Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes" error when indexing a list of dictionaries
- Regexp filter in Opensearch (or Elasticsearch)
- Shards and replicas in Elasticsearch
- Search document with empty array field, on ElasticSearch
- how to rename an index in a cluster?
- Merge two indices value by a common field in elasticsearch
- How to log using serilog to elasticsearch with Elastic.Serilog.Sinks in .net application
- How to provide index for Elastic.Serilog.Sinks
- Transform custom Docker logs into fluentd into elastic search
- How to connect securely to Elasticsearch with existing certificates?
- How to handle pagination when the source data changes frequently
- Configuring Elasticsearch and Kibana to work with each other without requiring enrollment token
- Kibana UI isn't load in browser
- Elastic search : multiple criterias on text search
- Elasticsearch: Job for elasticsearch.service failed