Here is the query which I have made for Elastic:

curl --user tunnus:salasana -XGET 'http://172.17.166.22:9200/logstash-2017.02.*/ui/_search?pretty' -d '{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {"terms": {"functionname": [
          "BANK_PRODUCT_PRICING_CREATE",
          "BANK_PRODUCT_PRICING_DISCOUNT_CREATE",
          "BANK_PRODUCT_PRICING_SHOW",
          "PRODUCT_PRICING_CREATE_OR_UPDATE",
          "PRODUCT_PRICING_DELETE",
          "PRODUCT_PRICING_DISCOUNT_DELETE"
        ]}},
        {"term": {"uichannel": "STP"}}
      ]
    }
  },
  "aggs": {
    "pankki": {
      "terms": {"field": "bankid"},
      "aggs": {
        "konttori": {"terms": {"field": "branchid"}}
      }
    }
  }
}'

I should do a similar query for SAS: pick up only the "rows" whose functionname is "BANK_PRODUCT_PRICING_CREATE", "BANK_PRODUCT_PRICING_DISCOUNT_CREATE", "BANK_PRODUCT_PRICING_SHOW", "PRODUCT_PRICING_CREATE_OR_UPDATE", "PRODUCT_PRICING_DELETE" or "PRODUCT_PRICING_DISCOUNT_DELETE" and whose uichannel is STP.