How to hide data from being counted/visualized?

rfc1925 · June 7, 2016, 7:59pm

Yes, i've searched here, the docs & google.

Elasticsearch 2.3.3 Logstash 2.3.2 Kibana 4.5.1

I want to hide content, specifically IP addresses from being analyzed in certain visualizations.

I see the logs hidden if I type "NOT src_ip:0.0.0.0"

I tried the below JSON in a visualization filter,
{
"must_not": [
{
"terms": {
"geoip.ip": "A.A.A.A"
}
},
{
"terms": {
"src_ip": "B.B.B.B"
}
}
]
}

And got:
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"search_parse_exception","reason":"Unexpected token START_ARRAY in [2].","line":1,"col":298}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"logstash-2016.06.07","node":"_m4iiLiMTxaIuqBc3zPenw","reason":{"type":"search_parse_exception","reason":"Unexpected token START_ARRAY in [2].","line":1,"col":298}}]}}

What am I doing wrong?

shaunak · June 7, 2016, 9:48pm

I think you are missing the top-level bool query element. Try this:

{ "bool": { "must_not": [ { "terms": { "geoip.ip": "A.A.A.A" } }, { "terms": { "src_ip": "B.B.B.B" } } ] } }

rfc1925 · June 10, 2016, 12:18pm

I had the bool, but that still wasn't helping. I opted to try a different path. Which has worked.

thanks for the help.

Topic		Replies	Views
Help... Query JSON Input filter Kibana	2	1747	July 6, 2017
How do you exclude subnets from search results in Kibana? Elastic Search	5	25	December 18, 2024
Can I apply filtering in specific buckets and not in the whole visualization in Kibana? Kibana	2	420	August 7, 2020
Creative solution to hiding already seen logs Kibana	6	877	December 26, 2016
Using logstash-filter-csv, unable to aggregate/visualize on integer fields Elasticsearch	7	1752	July 5, 2017

How to hide data from being counted/visualized?

Related topics