When you click +Add filter, you are given the option to Edit as Query DSL.

This link gives you details on how to use it. Below are some great customer examples that will help you along the way.

Filter records based on a range of agent IP address subnets

Great for showing details for office and home workers. The * is a wildcard.

{
  "query": {
    "bool": {
      "should": [
        {
          "wildcard": {
            "agentIPAddress.keyword": {
              "value": "xxx.xxx.xxx.*",
              "boost": 1.0
            }
          }
        },
        {
          "wildcard": {
            "agentIPAddress.keyword": {
              "value": "xxx.xxx.xxx.*",
              "boost": 1.0
            }
          }
        },
        {
          "wildcard": {
            "agentIPAddress.keyword": {
              "value": "xxx.xxx.xxx.*",
              "boost": 1.0
            }
          }
        }
      ]
    }
  }
}
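An added example, not part of the original article: a Python helper that generates the filter above from a list of CIDR subnets, so each wildcard keeps its trailing dot and never matches more addresses than the subnet contains. Only the `agentIPAddress.keyword` field comes from the filter above; the function names and the sample subnets are assumptions, and agent addresses are assumed to be IPv4 dotted strings.

```python
import ipaddress
import json

FIELD = "agentIPAddress.keyword"  # field name taken from the filter above


def wildcard_patterns(cidr):
    """Return wildcard strings that together cover exactly one IPv4 subnet."""
    # strict=True rejects input with host bits set, e.g. 10.20.1.0/22.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 subnets are handled: " + cidr)
    if net.prefixlen > 24:
        # A trailing * always spans a whole octet, so anything smaller than
        # a /24 would over-match. Refuse rather than widen the filter.
        raise ValueError(cidr + " is smaller than /24; a wildcard would over-match")
    # Round the prefix up to the next octet boundary (8, 16 or 24) and split
    # the subnet into blocks of that size, one wildcard per block.
    aligned = max(8, (net.prefixlen + 7) // 8 * 8)
    keep = aligned // 8  # number of fixed leading octets
    patterns = []
    for block in net.subnets(new_prefix=aligned):
        octets = str(block.network_address).split(".")[:keep]
        # Keep the dot before * so 10.1.1.* cannot match 10.1.10.x.
        patterns.append(".".join(octets) + ".*")
    return patterns


def build_filter(cidrs):
    """Build the bool/should wildcard filter in the shape shown above."""
    should = [
        {"wildcard": {FIELD: {"value": pattern, "boost": 1.0}}}
        for cidr in cidrs
        for pattern in wildcard_patterns(cidr)
    ]
    return {"query": {"bool": {"should": should}}}


if __name__ == "__main__":
    # Constructed sample subnets (documentation and private ranges).
    print(json.dumps(build_filter(["192.0.2.0/24", "10.20.0.0/22"]), indent=2))
```

Paste the printed JSON into Edit as Query DSL. Subnets smaller than /24 are rejected because a string wildcard cannot express them without matching extra addresses.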

Multiple agents

Filter based on multiple agents

{
  "query": {
    "terms": {
      "agent.keyword": [
        "youragent1@yourdomain.com",
        "youragent2@yourdomain.com",
        "youragent3@yourdomain.com"
      ],
      "boost": 1.0
    }
  }
}

If you have specific filtering requirements, just get in touch and we will work with you to create the DSL query.