Hi, I'm new to the ELK stack. I am using Kibana 4.1. I was able to use the Elasticsearch Query DSL to launch searches in the Kibana Discover interface to capture a dataset, and then use this saved search to create a new Visualization widget and toolbar in Kibana. My Elasticsearch request looks like:
    {
      "bool" : {
        "must" : [
          {
            "match" : { "service" : "servicename" }
          },
          {
            "match_phrase" : { "msg" : "Trying to get security token for user: joe" }
          }
        ],
        "minimum_should_match" : 1,
        "boost" : 1.0
      }
    }
This will fix any login events for the user: joe. If I wanted to search for login events for the user: sue, I would have to modify this part of the above query request to look like:

    "match_phrase" : { "msg" : "Trying to get security token for user: sue" }
, Elasticsearch Query DSL Kibana Discover curl - , , .
, , , Elasticsearch/Kibana. - , ? !
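An added example, not part of the original post: one way to generate the query above for any user name instead of editing the JSON by hand, with the name validated before it reaches the query. The function names, the allowed character set and the query-string form for the Discover search bar are assumptions made for this illustration.

```python
import json
import re

# Message prefix and field names are taken from the query in the post.
PHRASE = "Trying to get security token for user: "
# Assumption: user names only use these characters; adjust to your directory's rules.
USER_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def check_user(user):
    """Reject names that could change the query's structure or meaning."""
    if not USER_RE.fullmatch(user):
        raise ValueError("unexpected characters in user name: %r" % (user,))
    return user


def login_query(service, user):
    """Query DSL form: the post's bool query with the user name filled in."""
    return {
        "bool": {
            "must": [
                {"match": {"service": service}},
                {"match_phrase": {"msg": PHRASE + check_user(user)}},
            ],
            "minimum_should_match": 1,
            "boost": 1.0,
        }
    }


def lucene_query(service, user):
    """Query-string form of roughly the same search, for the Discover search bar."""
    quoted = service.replace("\\", "\\\\").replace('"', '\\"')
    return 'service:"%s" AND msg:"%s%s"' % (quoted, PHRASE, check_user(user))


if __name__ == "__main__":
    # "joe" and "sue" are the two users named in the post.
    for name in ("joe", "sue"):
        print(json.dumps(login_query("servicename", name), indent=2))
        print(lucene_query("servicename", name))
```

Serialising the dictionary with `json.dumps` keeps the JSON escaping correct, and the allow-list stops a name containing quotes or operators from widening the search beyond the intended account.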