New to Kibana/ES; need syntax help.
I have a query w/3 filter conditions that basically goes like this: If Type="movement" and X=32 AND Y=33, then label this document as "Hazard".
I can get the query filters to work (Type:"movement" AND X:32 AND Y:33). But, how do I then label these documents as "Hazard" so that I can do additional queries on just the term "Hazard"??? Do I create a tag, a field, or something else? How do I do that?
Is sounds like you already have this part figured out - but you can edit a filter and utilize the boolean query to achieve what you're looking for:
In regards to utilizing a field to make it easier to lookup: The best option would be to add the field to the document when it's indexed. I understand that this is not always possible. Another option would be to use a scripted field. This would work for general querying, but won't work for visualizations when the field is used for aggregations.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
