I am trying to configure a Monitor for some log pattern.
On creating so, I am limited to create only one data filter.
I want to create filter based on 2 fields message and beat_agent.hostname which is present in my log record.
Can someone help on how to achieve multiple data filters.
Hi Vignesh,
Currently, the visual editor only allows for one data filter. Feel free to open a Github issue or contribute a PR for additional data filter support though. As a workaround, you can save the monitor in the visual editor and then edit it in the extraction query editor to add another filter.
Let me know if you have any other questions.
Hi,
it works perfectly, thanks. I searched for this question, as well.
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"from": "{{period_end}}||-10m",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"format": "epoch_millis",
"boost": 1
}
}
},
{
"match_phrase": {
"agent.hostname": {
"query": "hostname",
"slop": 0,
"zero_terms_query": "NONE",
"boost": 1
}
}
},
{
"match_phrase": {
"message": {
"query": "hello",
"slop": 0,
"zero_terms_query": "NONE",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
"aggregations": {}
}
@jst I’m glad we were able to help and that it showed up in the search results efficiently. The Alerting team opened an issue to add more fields to the UI. If anyone is interested in contributing, this would be a great first issue. [FEATURE] Support multiple data filters through visual editor view in monitor creation page · Issue #432 · opensearch-project/alerting-dashboards-plugin · GitHub