Hi
I have data like this:
{"type":"tag","id":"1234"}
{"type":"hit","id":"1234"}
{"type":"tag","id":"4444"}
{"type":"tag","id":"3333"}
{"type":"hit","id":"3333"}
{"type":"tag","id":"2222"}
{"type":"hit","id":"2222"}
{"type":"tag","id":"1111"}
{"type":"tag","id":"5555"}
{"type":"hit","id":"5555"}
{"type":"tag","id":"6666"}
{"type":"hit","id":"6666"}
And I need to find all the ids that has type tag but don't have type hit
I expect the result to be:
id:1111 and id:4444
Thanks
anyone please....
I do not think this is currently possible in Kibana. One way to get around this potential limitation would be to create an entity centric index based on the ID to visualise this information.
HI,
Did you try using "Filter" option in the bucket, that should do the trick. In the filter option you can specify the field you want and it also supports a NOT (!) operator.
Lucene query syntax should allow you to apply a filter of the complexity you require:
type:"tag" AND NOT type:"hit"
After that - you can run a Terms aggregation on IDs (similar idea with different data):
thank for the replay,
your case is different because you are searching from two different fields
I need to find the IDs that has just one type, that mean I need to run an aggregation of IDs that has unique type - distinct search.
that could't be done with Lucene
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
