Problem Query ElasticSearch

Sam67000 · April 13, 2017, 12:34pm

Hello Everyone ,

I have a problem with Elasticsearch and I need help.

I have logs and With logstash I extract several information that I place in different fields.
And when I do a search on elasticsearch so that it only returns a particular field, it shows me only the precise field but it also shows me all the documents that don't contain this field.

for example when I run the following query :

ES send me this :

And I want ES show me only the first document with the "Pilote" field.
The other documents don't contain this field.

I hope you understand my problem and that you could help me.

Thaaanks

krmathieu · April 18, 2017, 8:36pm

You should update your query to use bool logic and add a condition that states that the Pilote field must exist. I believe your problem is that all of the records meet the connid condition, but only the one has the field that you are interested in. You may have to play with this example, but it should be close.

Kevin

{
	"size": 290,
	"_source": ["Pilote"],
	"query": {
		"bool": {
			"must": [
			  		{"exists": {"field": "Pilote"}},
					{"match": {"connid": "00cc029a5c1d3859"}
				}
			]
		}
	}
}

Sam67000 · April 19, 2017, 8:08am

Thank you very much, Kevin !!!!! It works wonders !!!

system · May 17, 2017, 8:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.