Elasticsearch query examples
/* Simple query */
{
"query": {
"bool": {
"must": {
"match": {
"host": "10.168.233.28"
}
}
}
}
}
/* Multiple conditions */
{
"query": {
"bool": {
"must": [
{
"match": {
"host": "10.168.233.28"
}
},
{
"match": {
"severity_label": "Notice"
}
}
]
}
}
}
/* Simple aggregation: the same bool query, plus a terms bucket count of severity_label over the matching documents */
{
"query": {
"bool": {
"must": [
{
"match": {
"host": "10.168.233.28"
}
},
{
"match": {
"severity_label": "Notice"
}
}
]
}
},
"aggs": {
"severity_agg": {
"terms": {
"field": "severity_label"
}
}
}
}
/* Unique count: cardinality aggregation of distinct host values among Notice documents ("size": 1 only limits the hits returned, not the aggregation; the cardinality figure is an approximate count) */
{
"size": 1,
"query": {
"bool": {
"must": [
{
"match": {
"severity_label": "Notice"
}
}
]
}
},
"aggs": {
"severity_agg": {
"cardinality": {
"field": "host"
}
}
}
}
/* Multiple (nested) aggregations: date_histogram per day, then a terms bucket per severity, then the cardinality of host inside each bucket */
{
"size": 1,
"query": {
"match_all": {}
},
"aggs": {
"day": {
"date_histogram": {
"field": "@timestamp",
"interval": "day"
},
"aggs": {
"severity": {
"terms": {
"field": "severity"
},
"aggs": {
"host": {
"cardinality": {
"field": "host"
}
}
}
}
}
}
}
}