I'm using an ELK stack to visualize data from server log files. I have a parameter called "_type" and it's unique for each server. It's all working fine, and I can do a (URL) query like:
query:(query_string:(analyze_wildcard:!t,query:'_type:server1'))
But I can't figure out how to have two (or more) "_type" parameters in my query. I would like to see "_type=server1" and "_type=server2" in the same chart.
Isn't that possible?
Thanks!
Try with
query:'_type:server1 OR _type:server2'. Relevant documentation section here.