I have created a static custom index to hold the known hostnames of my machines and have the following items as shown below.
index: hosts
"hostname": [ "betty", "bob", "fred" ]I want to query my index below with the hostnames from my index above and return any names not found.
index: logstash-*
"system.auth.hostname": "betty"
"system.auth.hostname": "bob"My expected result would be to return the name fred since he wasn't found in the second index.
Any input would be appreciated. Thanks.