Query ES -combine exists with term query

yaara · May 15, 2018, 1:45pm

Hi all,
I trying to get the latest row that has the field "inventory", but I also want to filter it with specific ip:
something like that:


GET discovery/hosts/_search
{
  "_source": [
    "inventory"
  ],
  "query": {
    "query": {
      "term": {
        "ip_address": "192.168.200.14"
      },
      "exists": {
        "field": "inventory"
      }
    }
  },
  "sort": {
    "timestamp": "desc"
  },
  "size": 1
}

it doesnt work, however if I query with only the term ot the exists (without the other), it works. I get the data differently so I assume that's why it doesnt work together because there's something I'm missing.

an idea how can I get all rows with that IP which has the "inventory" field (not null)?

thanks

yaara · May 15, 2018, 2:06pm

Got it


GET discovery/hosts/_search
{
  "_source": [
    "inventory",
    "nmap.ostype",
    "nmap.product"
  ],
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "ip_address": "192.168.200.14"
          }
        },
        {
          "exists": {
            "field": "inventory"
          }
        }
      ]
    }
  },
  "sort": {
    "timestamp": "desc"
  },
  "size": 1
}

system · June 12, 2018, 2:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.