How to do “where not exists” type filtering in Kibana/ELK?

Question

I am using ELK to create dashboards from my log files. I have a log file with entries that contain an id value and a \"success\"/\"failure\" value, displaying whether an operati

Answer 1

This is easy in Kibana 5 search bar. Just add a filter

!(_exists_:"your_variable") 

you can toggle the filter or write the inverse query as

_exists_:"your_variable"

---

In Kibana 4 and Kibana 3 you can use this query which is now deprecated

_missing_:"your_variable"  

---

NOTE: In Elasticsearch 7.x, Kibana now has a pull down to select KQL or Lucene style queries in the search bar. Be mindful that syntax such as _exists_:FIELD is a Lucene syntax and you need to set the pulldown accordingly.