Query field doesn't exist or have a special value

fetch · October 31, 2019, 3:00pm

Hello,

I'm using ELK 6.8.2.

I have a set of data where the field "system" can either have a value or doesn't exist at all.

The queries NOT _exists_: system and system: value works fine. However, as soon as I try to combine them at a single query NOT _exists_: system OR system: value, ES returns 0 results.

What's wrong with the query and how can I get the desired results?

abdon · November 4, 2019, 9:07pm

When using multiple boolean operators, it's a good idea to use parentheses as these operators do not honor the usual precedence rules. Try writing your query like this:

(NOT _exists_: system) OR (system: value)

fetch · November 15, 2019, 5:47am

Thanks, it works!

Topic		Replies	Views
How to query for empty field or specific value Elasticsearch	3	10537	March 16, 2018
How to search by an specific value or where field does not exists in Elasticsearch with and condition Elasticsearch	3	806	March 4, 2020
Handling Null Values Elasticsearch	7	5255	December 14, 2017
Must_not field exists query returning documents with those fields excluded Elasticsearch	3	1551	June 15, 2018
Elasticsearch DSL query, exists and not exists fields Elasticsearch eql-elastic-query-language	1	863	October 27, 2021

Query field doesn't exist or have a special value

Related topics