Hi Experts,
I have very strange issue . I have a field which contains event id's .So it is like
baseEventIds:11464812479 OR 11464812477 OR 11464812476
Now when I filter the event based on this field I am getting nothing , but when I just put 11464812479 OR 11464812477 OR 11464812476 in the kibana search bar i am getting results .Not sure what is happening, i mean what is the problem while applying a filter ? i am applying a filter by jusy clicking the filed baseEventsId.
it works fine when I just place directly in search bar something like
baseId:11464812479 OR 11464812477 OR 11464812476
Thanks
VG
You're using the OR boolean operator where it can't be used. It's only valid in query strings, not in field filters.
Also, while "baseId:11464812479 OR 11464812477 OR 11464812476" works it doesn't do what you expect it to. It does not translate to
baseId:11464812479 OR baseId:11464812477 OR baseId:11464812476
but to
baseId:11464812479 OR default_field:11464812477 OR default_field:11464812476
where default_field is the index-specific default field for queries, which by default is _all, i.e. all fields in the document. In other words, your query will match any document with 11464812477 or 11464812476 in any field.
Thank you ,I got you point Magnus