How to do subqueries in Kibana?

Yazid_S · April 4, 2022, 8:23am

Hi all,

I am exploring log files throught Kibana and I would like to extract the logs that are in error.
My problem is that in a day, a machine can be in error in the morning and not be in error in the afternoon. So I want to extract the error logs where the machine ID is not in the list of logs that are no longer in error.

If I had to do it in SQL it would be something like SELECT id WHERE status = 'ERROR' AND id NOT IN (SELECT id WHERE status = 'SUCCESS').

Is there a Kibana query or visualization that does this kind of thing ?

system · May 2, 2022, 8:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Subqueries in Kibana it that posible? Kibana kql-kibana-query-language	4	1047	December 5, 2022
Visualizing sql query in Kibana Kibana	2	216	August 18, 2022
Kibana Nested Query Kibana	3	4046	February 28, 2018
Kibana query filter by result of another saved search object field data Kibana	2	470	April 29, 2021
Any way to do something similar to SQL's "IN"/"NOT IN" other table? Kibana	10	451	February 13, 2020

How to do subqueries in Kibana?

Related Topics