-
Notifications
You must be signed in to change notification settings - Fork 0
/
group-by.json
71 lines (71 loc) · 2.13 KB
/
group-by.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
{
"size": 100,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"from": "{{period_end}}||-5m",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"format": "epoch_millis",
"boost": 1
}
}
},
{
"query_string": {
"query": "container_name: \"name-service\" AND x.level: \"error\" AND NOT x.msg: \"Cannot perform this task now.\"",
"fields": [],
"type": "best_fields",
"default_operator": "or",
"max_determinized_states": 10000,
"enable_position_increments": true,
"fuzziness": "AUTO",
"fuzzy_prefix_length": 0,
"fuzzy_max_expansions": 50,
"phrase_slop": 0,
"escape": false,
"auto_generate_synonyms_phrase_query": true,
"fuzzy_transpositions": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
"_source": {
"includes": [
"_id",
"kubernetes.container_name",
"x.traceId",
"x.message",
"x.msg",
"short_message",
"container_name"
],
"excludes": []
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"aggregations": {
"msg": {
"significant_text": {
"size": 10,
"min_doc_count": 3,
"shard_min_doc_count": 0,
"field": "x.msg.keyword",
"jlh": {}
}
}
}
}