HI Team,
I am looking for a help, i am having some devices list (approx 900 devices) which are injecting logs to Elastic, i want help in finding the devices that never sent logs to elastic from my actual devices.
If any help it would be helpful.
Hello @Naveen.Bhonagiri,
Welcome to the community!
I'm not sure if I understood your question correctly. Are you trying to search for documents where the device-logs field (for example) does not exist? Are you using the Discover app?
If this is the case, you can search for documents that do not contain a value for this logs field by typing the following into your Kibana search bar: not device-logs:*.
Similarly, if you're looking to find documents where a value for the field exists, you can use: device-logs:*.
Do you mean they send other document, but not these logs? That's doable, as @Priscilla_Parodi said, but if you want the set of devices for which there are no documents in elastic that is a whole different question..
HI Team,
I am looking for the devices logs in elastic that were not injected till date.
is there any chance for that
In this case, if you don't have any documents in Elasticsearch for these devices and your goal is to filter and visualize these documents, it's ideal to have some kind of input (other fields) for devices that don't have logs when inserting documents into Elastic. This way, you'll be able to filter them in the Discover app as mentioned.
You can make unique list by hostname in Kibana, export in csv, and compare with your list.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.