How to do subqueries in Kibana?

Yazid_S · April 4, 2022, 8:23am

Hi all,

I am exploring log files throught Kibana and I would like to extract the logs that are in error.
My problem is that in a day, a machine can be in error in the morning and not be in error in the afternoon. So I want to extract the error logs where the machine ID is not in the list of logs that are no longer in error.

If I had to do it in SQL it would be something like SELECT id WHERE status = 'ERROR' AND id NOT IN (SELECT id WHERE status = 'SUCCESS').

Is there a Kibana query or visualization that does this kind of thing ?

system · May 2, 2022, 8:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Creating a subquery - similar to SQL "not in or not exists" Kibana	6	2479	July 6, 2017
Subqueries in Kibana it that posible? Kibana kql-kibana-query-language	4	1072	December 5, 2022
Visualizing sql query in Kibana Kibana	2	217	August 18, 2022
Kibana Nested Query Kibana	3	4049	February 28, 2018
Kibana query filter by result of another saved search object field data Kibana	2	472	April 29, 2021

How to do subqueries in Kibana?

Related topics