# https://lucene.apache.org/core/2_9_4/queryparsersyntax.html
# Grouping AND along with OR statement
(message:"ERROR" OR message:"WARN") AND (-message:"placeholder")
# Match anything except: GET /
* AND -message:"GET /"
# Match error logs "E," but ignore those that include "Failed Headline Fetch" or "GET /" or "INFO"
message:"E," AND -message:"Failed Headline Fetch" AND -message:"GET /" AND -message:"INFO"
# Specify a timeframe
message:"E," AND -message:"Failed Headline Fetch" AND @timestamp: [2015-06-11T10:00:00 TO 2015-06-11T21:00:00]