Hi Experts,
I have logs and most of them have "baseId" filed in it . But some logs don't have this field at all .I want to search those logs which does not have baseid in it . So out of exist , Missing filter , which will be the best option and why ?
Thanks
VG
IIRC missing will be removed.
So a bool query with a must not clause and exist query should work well.
so something like
{ "filter" : {"bool" : {"must_not" : {"exists":{"field":"baseEventIds"}}}}}
So I will be using must_not as I want those logs which must not have baseEventids field in it ?
You don't need the filter part. Depending on the context that might be a post_filter which isn't really what you want (probably).
If you are in 1.x you'd do a filtered query I believe.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.