Hello team,
I'm using Open Distro 6.7.1 and trying to create alerts in Kibana that send to a custom URL destination.
I have attached my monitor's extraction query below. Under Discover, filtering on the same keyword (e.g. "ERROR") over the last 1 hour returns the correct count (100+ hits); however, when I run this query in the monitor with the same time period, it returns 0 hits.
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@fb_timestamp": {
"from": "now-1h",
"to": null,
"include_lower": true,
"include_upper": true,
"format": "epoch_millis",
"boost": 1
}
}
},
{
"multi_match": {
"query": "ERROR",
"fields": [],
"type": "phrase",
"slop": 0,
"prefix_length": 0,
"max_expansions": 50,
"lenient": false,
"zero_terms_query": "NONE",
"auto_generate_synonyms_phrase_query": true,
"fuzzy_transpositions": true,
"boost": 1
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
"aggregations": {}
}
Not sure if anything is missing from the query. One thing I notice is that the `multi_match` clause has an empty `"fields": []` list — should the fields be listed explicitly there, the way Discover searches across the index pattern's fields? Also, the `range` clause uses `"format": "epoch_millis"` together with the date-math value `"now-1h"`; I am not sure whether that combination is interpreted the same way outside Discover. Any help would be great!