How to do “where not exists” type filtering in Kibana/ELK?

前端未结

关注

 4  1789

谎友^ 2021-02-02 06:05

I am using ELK to create dashboards from my log files. I have a log file with entries that contain an id value and a \"success\"/\"failure\" value, displaying whether an operati

4条回答

一个人的身影 (楼主)

2021-02-02 06:39
! (_exists_:NAME) is not working for me. I use suggestion from:

https://discuss.elastic.co/t/kibana-5-0-0--missing--is-not-working-anymore/64336
```
NOT _exists_:NAME
```
UPDATE The problem I faced is that ES syntax forbids spaces after negation operators. Use one of:
```
NOT _exists_:FIELD
!_exists_:FIELD
-_exists_:FIELD
```
Check tutorial: https://www.timroes.de/2016/05/29/elasticsearch-kibana-queries-in-depth-tutorial/

NOTE: In Elasticsearch 7.x, Kibana now has a pull down to select KQL or Lucene style queries in the search bar. Be mindful that syntax such as _exists_:FIELD is a Lucene syntax and you need to set the pulldown accordingly.
0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...