I am using Elasticsearch 5.4.1 and Kibana 5.4.1. When I try to perform filter aggregations on field values using fieldName:fieldValue, I get no results. However, when I only enter the fieldValue as a filter, I obtain a list with matching field values from all the fields.
I captured the request using Chrome developer tools. The following request is fired when I use fieldName:fieldValue (Response Status:200, where Response Status is a field with values 200, 400, 500):
{"index":"logstash-","ignore_unavailable":true,"preference":1499662909171}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":""}},{"range":{"@timestamp":{"gte":1499612400000,"lte":1499698799999,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"2":{"date_histogram":{"field":"@timestamp","interval":"1h","time_zone":"Asia/Tokyo","min_doc_count":1},"aggs":{"3":{"filters":{"filters":{"Success":{"query_string":{"query":"Response Status:200","analyze_wildcard":true}},"Failed":{"query_string":{"query":"-Response Status:200","analyze_wildcard":true}}}}}}}}}
But when I use only fieldValue (200), the request below is fired:
{"index":"logstash-","ignore_unavailable":true,"preference":1499662909171}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":""}},{"range":{"@timestamp":{"gte":1499612400000,"lte":1499698799999,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"2":{"date_histogram":{"field":"@timestamp","interval":"1h","time_zone":"Asia/Tokyo","min_doc_count":1},"aggs":{"3":{"filters":{"filters":{"Success":{"query_string":{"query":"200","analyze_wildcard":true}},"Failed":{"query_string":{"query":"-200","analyze_wildcard":true}}}}}}}}}
I am not able to figure out the issue.
Thanks in advance.