Well the the Perl module certainly doesn't complain about the syntax, but
it stil doesn't manage to output anything other than the "notice" severity ?
$ perl test.pl | fgrep "severity"
'severity' => 'notice'
'severity' => 'notice',
'severity' => 'notice',
'severity' => 'notice',
'severity' => 'notice',
'severity' => 'notice',
'severity' => 'notice'
'severity' => 'notice',
'severity' => 'notice',
'severity' => 'notice',
$ cat test.pl
#!/usr/bin/perl
use 5.014;
use strict;
use warnings;
use autodie;
use Data::Dumper;
use Search::Elasticsearch;
my $e = Search::Elasticsearch->new();
my $results = $e->search(
index => 'logstash-2014.08.13',
body => {
query => {
#match => { severity => 'notice'}
"bool" => {
"should" => [
{match => { severity => 'notice'}},
{match => { severity => 'info'}}
]
}
}
}
);
print Dumper($results);
On Wednesday, 13 August 2014 11:40:42 UTC+1, Jörg Prante wrote:
>
> Try this to search "notice" or "info" severity.
>
> my $results = $e->search(
> index => 'logstash-2014.08.13',
> body => {
> query => {
> "bool" => {
> "should" => [
> { match => { severity => 'notice'} },
> { match => { severity => 'info'} }
> ]
> }
> }
> }
> );
>
>
> Jörg
>
>
> On Wed, Aug 13, 2014 at 12:01 PM, Log Muncher <railroad...@gmail.com
> <javascript:>> wrote:
>
>> Hi,
>>
>> Simple question, but there seems to be a lack of detailed examples for
>> using the otherwise very useful Search::Elasticsearch CPAN module !
>>
>> I'm getting syslog data into elasticsearch via fluentd.
>>
>> What I'd like to do now is run a perl search that will give me results
>> for notice, emerg and crit events. As a test (seeing as I don't get many
>> emerg/crit events !), I've tried the below, but it only seems to pick up
>> notice events and doesn't return any info events !
>>
>> Help welcome !
>>
>> Thanks.
>>
>> Tim
>>
>> #!/usr/bin/perl
>>
>> use 5.014;
>> use strict;
>> use warnings;
>> use autodie;
>>
>> use Data::Dumper;
>> use Search::Elasticsearch;
>>
>> my $e = Search::Elasticsearch->new();
>>
>> my $results = $e->search(
>> index => 'logstash-2014.08.13',
>> body => {
>> query => {
>> "bool" => {
>> "must" => {match => { severity => 'notice'},match
>> => { severity => 'info'}}
>> }
>> }
>> }
>> );
>>
>> print Dumper($results);
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearc...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/42e60034-655f-46ca-979e-308b0e7532e3%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/elasticsearch/42e60034-655f-46ca-979e-308b0e7532e3%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/1967d9c9-e53e-4037-803c-586dce6a6568%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
