How to do “where not exists” type filtering in Kibana/ELK?

Question

I am using ELK to create dashboards from my log files. I have a log file with entries that contain an id value and a \"success\"/\"failure\" value, displaying whether an operati

Answer 1

In newer ELK versions (I think after Elasticsearch 6) you should use field:* to check if the field exist and not field:* to check if it's missing.

elastic search reference: https://www.elastic.co/guide/en/elasticsearch/reference/6.5/query-dsl-query-string-query.html#_wildcards