How can I search for events that doesn't have a particular field indexed on
it?
I need this because I don't setup the null_value attribute for the fields
in my logstash template. So, if the event not comming with that field, the
field it will not added to that document, as explained here:
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-core-types.html
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
if i understand your question correctly, i think you can use this syntax.
missing:"@fields.fieldname"
HTH,
byron
On Thursday, November 7, 2013 8:06:03 AM UTC-5, Bruno Galindro da Costa
wrote:
How can I search for events that doesn't have a particular field indexed
on it?
I need this because I don't setup the null_value attribute for the fields
in my logstash template. So, if the event not comming with that field, the
field it will not added to that document, as explained here:
Elasticsearch Platform — Find real-time answers at scale | Elastic
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.