I want to ignore a list of patterns from a match before alerting. I understand we can do this with AND NOT in the query, but is there a cleaner way to do this? My ignore list is huge, and trying to squeeze it into a single query will be too hard to maintain.
I tried the below and couldn't get it to work. I would like to have a solution similar to this, where I can keep adding to a dynamic list to ignore.
filter:
  query:
    bool:
      must:
        query_string:
          query: "message: SEVERE message: FATAL"
As per my requirement, all messages matching SEVERE should be reported except SEVERE.IOException and SEVERE.ParserException.
Kindly help.
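One way to keep the ignore list outside the query, as an added example that is not part of the original post: the list lives in its own file and the `bool` filter is generated from it, with one `must_not` clause per pattern. The function names, the sample file contents and the use of `match_phrase` are assumptions; whether a phrase clause matches `SEVERE.IOException` depends on how the `message` field is analyzed in your index.

```python
import json

# Constructed ignore list, one pattern per line, as it might sit in its own file.
SAMPLE_IGNORE_FILE = """\
# exceptions that should never alert
SEVERE.IOException
SEVERE.ParserException

SEVERE.IOException
"""


def load_ignore_patterns(text):
    """Return patterns in file order, skipping blanks, comments and duplicates."""
    seen, patterns = set(), []
    for line in text.splitlines():
        item = line.strip()
        if not item or item.startswith("#") or item in seen:
            continue
        seen.add(item)
        patterns.append(item)
    return patterns


def build_filter(match_query, ignore_patterns, field="message"):
    """Build a bool query: `must` holds the match, `must_not` one clause per pattern."""
    return {
        "query": {
            "bool": {
                "must": [{"query_string": {"query": match_query}}],
                # match_phrase is an assumed clause type for the ignore entries
                "must_not": [{"match_phrase": {field: p}} for p in ignore_patterns],
            }
        }
    }


def render(match_query, ignore_text):
    """Combine the match query from the post with the externally maintained list."""
    return build_filter(match_query, load_ignore_patterns(ignore_text))


if __name__ == "__main__":
    body = render("message: SEVERE message: FATAL", SAMPLE_IGNORE_FILE)
    print(json.dumps(body, indent=2))
```

Adding a new exception then means appending one line to the ignore file and regenerating the filter, leaving the match query untouched.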