Kibana Greater Than or Equal To

Good Morning!
I need to perform a Range query in Kibana, but have run into a problem. From the Discover tab, I need to perform this query (count(sourcename:"name") >= 1) to get back a list of documents. I have not figured out how to use the range syntax of field:[* TO 100] for my query because I need the count function first. Is this query possible from the Discover tab, and if so, I would appreciate some guidance.

Thank you!!

Could you provide an example of one of your documents? I'm not understanding how you can have a count where sourcename is name for a single document, unless sourcename is an array or something.

Hello Lukas!

Thank you for your reply. Sorry that I did not mention that. Yes, sourcename is an array. I will get an example if you still need it.

Which version of Kibana are you using? If you're using something prior to 6.3, you'll have to use a script query to accomplish this.

So it'd be something like this you'd paste into the query bar:

{
    "script" : {
        "script" : {
            "source": "for (int i = 0; i < doc['sourcename.keyword'].length; ++i) { if (doc['sourcename.keyword'][i].equals('name')) { return true; } } return false;",
            "lang": "painless"
        }
    }
}

Hello Lukas:

Thank you very much for your response! At the moment, we are using 6.2.2, but we will be upgrading to 6.3.2 next week. Is the syntax in 6.3 very much different?

Thank you,

John

You can do the same thing in 6.3.x, but we've added a few features to make this sort of thing easier in 6.3+.

You can create a scripted field (in your index pattern settings), and set the script to something like this:

// Count how many elements of the sourcename array equal 'name'.
// doc['sourcename.keyword'] is the doc-values view of the array; its
// length is 0 when the field is missing, so such documents return 0.
int total = 0;
for (int i = 0; i < doc['sourcename.keyword'].length; ++i) {
  if (doc['sourcename.keyword'][i].equals('name')) total++;
}
return total;

Then, in 6.3+, there is an Options link in the query bar, which has a toggle to enable advanced query features. If you enable this, you can use scripted fields in your query. For example, if I had named the scripted field sourcename_name, then I could simply do a query in the query bar like this: sourcename_name >= 1
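As an added illustration (not code from the thread or from Kibana), the Python below emulates what the two answers describe: the pre-6.3 script query, which yields true/false per document, and the 6.3+ scripted field, which yields a count that the query bar then compares with an expression such as sourcename_name >= 1. The documents, the scripted-field registry and the tiny query-bar evaluator are all constructed for the example; the field name sourcename_name is the one Lukas used above.

```python
import operator

# Constructed sample documents standing in for hits in the index.
# 'sourcename' is an array field, as in the thread.
DOCS = [
    {"id": 1, "sourcename": ["name"]},
    {"id": 2, "sourcename": ["other", "name", "name"]},
    {"id": 3, "sourcename": ["other"]},
    {"id": 4, "sourcename": []},  # empty array -> doc values length 0
    {"id": 5},                     # field missing -> behaves like empty
]


def script_query_match(doc, field="sourcename", value="name"):
    """Pre-6.3 script query: true if any array element equals value."""
    for element in doc.get(field, []):
        if element == value:
            return True
    return False


def scripted_field_count(doc, field="sourcename", value="name"):
    """6.3+ scripted field: how many array elements equal value."""
    return sum(1 for element in doc.get(field, []) if element == value)


# Scripted fields registered on the index pattern, name -> function.
# (Constructed registry; 'sourcename_name' is the name used in the thread.)
SCRIPTED_FIELDS = {"sourcename_name": scripted_field_count}

OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le,
       "<": operator.lt, "==": operator.eq}


def query_bar(docs, expr):
    """Evaluate 'scripted_field OP number' (e.g. 'sourcename_name >= 1')
    over docs, the way the 6.3 query bar does with advanced features on,
    and return the ids of the matching documents."""
    name, op, number = expr.split()
    compute = SCRIPTED_FIELDS[name]
    compare = OPS[op]
    threshold = int(number)
    return [d["id"] for d in docs if compare(compute(d), threshold)]


if __name__ == "__main__":
    print(query_bar(DOCS, "sourcename_name >= 1"))  # [1, 2]
    print(query_bar(DOCS, "sourcename_name >= 2"))  # [2]
```

The boolean script query and sourcename_name >= 1 select the same documents; the count only adds information when you need a threshold above 1, as the second call shows.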
