Terms filter not working

[ngms17]

My rule config is like this:

filter:
- terms:
    rule.category: ["Denial of Service", "Executable code was detected", "A Network Trojan was detected", "Detection of a Denial of Service Attack", "Targeted Malicious Activity was Detected", "Exploit Kit A$
    suricata.eve.in_iface: ["enp3s0f0", "enp3s0f1"]

Although, this is not working giving me this error.

ERROR:root:Error running query: RequestError(400, 'x_content_parse_exception', '[terms] query does not support multiple fields')

[nsano-rururu]

look

terms does not support multiple fields
Yelp/elastalert#2109

[jertel]

Change your filter to:

filter:
- terms:
    rule.category: ["Denial of Service", "Executable code was detected", "A Network Trojan was detected", "Detection of a Denial of Service Attack", "Targeted Malicious Activity was Detected", "Exploit Kit A$
- terms: 
    suricata.eve.in_iface: ["enp3s0f0", "enp3s0f1"]

NOTE: This is an AND query, so both terms must match at least one entry in their value list.

[nsano-rururu]

The document has the following description, so it seems better to correct it.

https://elastalert2.readthedocs.io/en/latest/recipes/writing_filters.html#id1

current

- terms:
    fieldX: ["value1", "value2"]
    fieldY: ["something", "something_else"]
    fieldZ: ["foo", "bar", "baz"]

update

- terms:
    fieldX: ["value1", "value2"]
- terms:
    fieldY: ["something", "something_else"]
- terms:
    fieldZ: ["foo", "bar", "baz"]