Query ES -combine exists with term query

yaara · May 15, 2018, 1:45pm

Hi all,
I trying to get the latest row that has the field "inventory", but I also want to filter it with specific ip:
something like that:


GET discovery/hosts/_search
{
  "_source": [
    "inventory"
  ],
  "query": {
    "query": {
      "term": {
        "ip_address": "192.168.200.14"
      },
      "exists": {
        "field": "inventory"
      }
    }
  },
  "sort": {
    "timestamp": "desc"
  },
  "size": 1
}

it doesnt work, however if I query with only the term ot the exists (without the other), it works. I get the data differently so I assume that's why it doesnt work together because there's something I'm missing.

an idea how can I get all rows with that IP which has the "inventory" field (not null)?

thanks

yaara · May 15, 2018, 2:06pm

Got it


GET discovery/hosts/_search
{
  "_source": [
    "inventory",
    "nmap.ostype",
    "nmap.product"
  ],
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "ip_address": "192.168.200.14"
          }
        },
        {
          "exists": {
            "field": "inventory"
          }
        }
      ]
    }
  },
  "sort": {
    "timestamp": "desc"
  },
  "size": 1
}

system · June 12, 2018, 2:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query help request Elasticsearch	2	466	May 19, 2017
Exists query Elasticsearch	2	313	July 6, 2017
How can we use exists query in tandem with the search query in Elasticsearch Elasticsearch	1	420	February 8, 2017
How can I add a second exist query? Elasticsearch	3	333	June 14, 2019
Exists query not working on some fields in my index (version 5.1.1) Elasticsearch	2	1209	May 10, 2017

Query ES -combine exists with term query

Related topics