Complete the code to create a basic search query in Elasticsearch.
{
  "query": {
    "match": {
      "message": "[1]"
    }
  }
}

The match query searches for the term inside the specified field. Here, we want to find documents where the message field contains the word error.
Complete the code to filter documents where the status is 'active'.
{
  "query": {
    "bool": {
      "filter": {
        "term": { "status": "[1]" }
      }
    }
  }
}

The term filter matches documents where the status field exactly equals active.
Fix the error in the aggregation to count documents by user.
{
  "aggs": {
    "users_count": {
      "terms": { "field": "[1]" }
    }
  }
}

To aggregate by a keyword field (exact value), use the .keyword subfield. This ensures the aggregation counts exact user names.
Fill both blanks to create a date histogram aggregation for monthly data.
{
  "aggs": {
    "sales_over_time": {
      "date_histogram": {
        "field": "[1]",
        "interval": "[2]"
      }
    }
  }
}

The date_histogram aggregation groups data by time intervals. Use the date field sale_date and set the interval to month to group sales monthly.
Fill all three blanks to create a filtered aggregation counting errors in the last 7 days.
{
  "query": {
    "bool": {
      "filter": [
        { "term": { "level": "[1]" } },
        { "range": { "timestamp": { "gte": "now-[2]d/d" } } }
      ]
    }
  },
  "aggs": {
    "error_count": {
      "value_count": { "field": "[3]" }
    }
  }
}

This query filters logs where the level is error and the timestamp is within the last 7 days. The aggregation counts the number of message fields, representing error occurrences.