Thank you for letting me know about the other_bucket solution.
As for your error message,
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "2022-09-21T09:00:00.000Z",
              "lte": "2022-09-21T09:30:00.000Z",
              "format": "yyyy-MM-dd HH:mm:ss||strict_date_optional_time||epoch_millis"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "messages": {
      "filters": {
        "filters": {
          "response_code": {
            "bool": {
              "should": [
                {
                  "match_phrase": {
                    "ResponseCode": "005"
                  }
                },
                {
                  "match_phrase": {
                    "ResponseCode": "008"
                  }
                },...
              ]
            }
          },
          "without_response": {
            "bool": {
              "must": [
                {
                  "match_all": {}
                }
              ]
            }
          }
        }
      }
    }
  }
}
will work.
Or, a simpler without_response clause:
"without_response": {
  "match_all": {}
}
will also work.