Query Predicated on Another

plemarquand · September 20, 2017, 3:47pm

Hi,

I have two indexes, one called warnings and another, warning_settings.

warning_settings consists of documents with that simply contain a warning id and disabled: true/false.

I'd like to query all the warnings that don't have a corresponding warning_settings document with disabled: true, and then do your usual aggregations over that data to generate some nice visualizations in Kibana.

Is this possible with ES? I've got it working as a two step process, but doing this from Kibana seems to require a single query.

Here are the two queries I'm making right now:

GET warning_settings/_search
query: {
    match: {
       disabled: true,
    },
}

GET warnings/_search
query: {
    ...
    must_not: {
      terms: {
        id: [... ids returned from first query],
      },
    },
  },
},

Any help is greatly appreciated!

warkolm · September 22, 2017, 6:53am

That's not possible from Elasticsearch or Kibana.
You could do it with a Watch (via Alerting), but otherwise you'd need to do it in an external client.

system · October 20, 2017, 6:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create an alert based on contradicting logs Kibana	5	300	December 4, 2020
Kibana Query - match and not eixsts on same field in a single query Elasticsearch	9	1251	February 18, 2020
Alerting on index aggregation with filter Kibana elastic-stack-alerting	2	1122	September 6, 2022
Elasticsearch query - AND doesn't return values (when I know it should) Elasticsearch	1	632	July 5, 2017
Best way to look for a doc across multiple indices? Kibana	2	341	July 21, 2020

Query Predicated on Another

Related topics