DLS OR query

Lech_Szczecinski · June 15, 2018, 12:43pm

Search Guard and Elasticsearch version : 6.2.4 Enterprise demo
JVM version: 8 upd 171 (build 1.8.0_171-b11) ; operating system: Win 10

I need narrow data got from index to fulfilling 1 of 2 conditions on the same field. I’ve tried:

{
“bool”: {
“must”: {
“match”: {
“domain_name”: “(www.domain01.com) OR (www.domain02.com)”
}
}
}
}

but received no data.

What’s correct syntax for that? I know that “value” in match clause is evaluated “as is” but how to add OR operator on it?

Lech_Szczecinski · June 15, 2018, 1:34pm

{
“bool”: {
“must”: {
“terms”: {
“domain_name”: [
“www.domain01.com”,
“www.domain02.com”
]
}
}
}
}

W dniu piątek, 15 czerwca 2018 13:18:52 UTC+2 użytkownik Lech Szczecinski napisał:

···

Search Guard and Elasticsearch version : 6.2.4 Enterprise demo

JVM version: 8 upd 171 (build 1.8.0_171-b11) ; operating system: Win 10

I need narrow data got from index to fulfilling 1 of 2 conditions on the same field. I’ve tried:

{
“bool”: {
“must”: {
“match”: {
“domain_name”: “(www.domain01.com) OR (www.domain02.com)”
}
}
}
}

but received no data.

What’s correct syntax for that? I know that “value” in match clause is evaluated “as is” but how to add OR operator on it?

jkressin · June 15, 2018, 5:40pm

The DLS/FLS module uses regular ES queries, the syntax is exactly the same. The best way to troubleshoot DLS problems is to execute the configured DLS query directly against Elasticsearch. If this returns the expected results, it should also work with DLS.

···

On Friday, June 15, 2018 at 3:34:14 PM UTC+2, Lech Szczecinski wrote:

{
“bool”: {
“must”: {
“terms”: {
“domain_name”: [
“www.domain01.com”,
“www.domain02.com”
]
}
}
}
}

W dniu piątek, 15 czerwca 2018 13:18:52 UTC+2 użytkownik Lech Szczecinski napisał:

Search Guard and Elasticsearch version : 6.2.4 Enterprise demo

JVM version: 8 upd 171 (build 1.8.0_171-b11) ; operating system: Win 10

I need narrow data got from index to fulfilling 1 of 2 conditions on the same field. I’ve tried:

{
“bool”: {
“must”: {
“match”: {
“domain_name”: “(www.domain01.com) OR (www.domain02.com)”
}
}
}
}

but received no data.

What’s correct syntax for that? I know that “value” in match clause is evaluated “as is” but how to add OR operator on it?

Topic		Replies	Views
Document Level Security Statement Search Guard	5	725	September 3, 2019
Terms lookup in DLS query Search Guard	7	635	May 9, 2019
Document Level Security & nested search Search Guard	4	366	February 10, 2018
New release: Search Guard 52 for Elasticsearch 7.13.x and 7.10.2 Announcements	1	657	August 2, 2021
REST Management API - Cannot get it to work with DLS Search Guard	2	420	September 1, 2017

DLS OR query

Related topics