I tried running a query like NOT client.geo.country_iso_code: source.geo.country_iso_code, but it returned results where client.geo.country_iso_code == source.geo.country_iso_code
Anyone know what's wrong with my query? I want results where client.geo.country_iso_code != source.geo.country_iso_code
Hi @learningelastic KQL does not work like that ... it is using the right side as a literal .. it is not interpreting as a variable
so your query is actually this
NOT client.geo.country_iso_code == 'client.geo.country_iso_code'
return all documents where the the value of client.geo.country_iso_code is not equal to the literal 'client.geo.country_iso_code' and since no documents have that value it is returning all the documents.
Ooh ok that makes sense. Is it possible to treat the right side of the query as a variable or as a field?
Not today as far as I know.... You could open a feature request...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
