Filtering By Field Inequality

I have two fields with the same value, 99% of the time. I'd like to filter down to just the entries where the two fields are NOT the same. Is it possible to do something like [field1] != [field2]?

There are different ways of doing this depending upon which Kibana features you're using. Here's how to express it in query form - Compare fields

Is that helpful? If not, let me know which version of Kibana you're using and which feature and I'll figure out something more specific to your use case.

I'm on Elastic Stack 7.4.1.

That looks like it's for a scripted field? I was hoping I could use KQL or Lucene syntax. If not then a scripted field will work.

That's a query with a script but you're correct, you could do something similar with a scripted field.

I couldn't find a way to match field values without a script, even when thinking about it in terms of Elasticsearch capabilities.

You might consider performing the calculation at ingest time depending upon the data you're working with. Scripted fields have some limitations that may or may not affect you.

I didn't realize you could embed a script within a query, thanks for the help. I don't want to do a scripted field or use logstash because it's really just a one and done thing. I was looking to see if something I did in Logstash was working properly.

1 Like
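
The script query discussed in this thread could look like the following request body for a `_search` call. This is an added example, not taken from any of the posts or from the linked page; `field1` and `field2` are the placeholder names from the question, and it assumes both are keyword or numeric fields with doc values. The `size()` checks skip documents where either field is missing, which would otherwise raise a script exception.

```json
{
  "query": {
    "bool": {
      "filter": {
        "script": {
          "script": {
            "lang": "painless",
            "source": "if (doc[params.a].size() == 0 || doc[params.b].size() == 0) { return false; } return doc[params.a].value != doc[params.b].value;",
            "params": {
              "a": "field1",
              "b": "field2"
            }
          }
        }
      }
    }
  }
}
```

For analyzed `text` fields, point the parameters at a keyword sub-field (for example `field1.keyword`, if the mapping has one), since `doc[...]` reads doc values. The same body can be pasted into the "Edit Query DSL" box of a Kibana filter to narrow Discover to the mismatching entries.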
