Query for an empty string?

rthompson · April 20, 2017, 2:16pm

I am trying to query for an empty string and am having little luck. I have a set of logs with the field 'CharacterId', some of which have a value and others that do not. [http://i.imgur.com/xMmxKFZ.png]Here is an example.(http://i.imgur.com/xMmxKFZ.png). Basically I need to differentiate between the two for visualization purposes but am unable to filter them in this manner. I have tried:

CharacterId:""
CharacterId: " "
-CharacterId:""
"CharacterId:"""
CharacterId:[]
CharacterId:
_exists_:CharacterId
!(_exists_:CharacterId)

Any tips on how to filter by this field being empty or not?

weltenwort · April 20, 2017, 6:24pm

Hi @rthompson,

in order to be able to perform that kind of query, the field has to be indexed as the keyword type. Otherwise it would be analyzed by Elasticsearch's full-text analyzer, which tokenizes the string, and therefore makes queries for whitespace impossible. For fields of type keyword the query field:"" should match all documents with an empty string in that field.

rthompson · April 20, 2017, 6:38pm

Thanks @weltenwort! Querying by keyword allows me to filter them appropriately:

CharacterId.keyword:""
!(CharacterId.keyword:"")

system · May 18, 2017, 6:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match an empty field in kibana Kibana	4	30831	May 22, 2019
How to match a empty value field Kibana	3	6043	February 2, 2018
Searching array for empty string causes tab lockup and shows garbage Kibana	5	379	September 15, 2022
Question about behavior of query_string Elasticsearch	1	369	March 30, 2018
Kibana 6.6.1 - show only Docs where Field has a value Kibana	2	934	April 8, 2019

Query for an empty string?

Related topics