Query written in dev console fails executing on Discovery page

Hi all,

I have written this KQL query in dev console, and it runs fine.

GET _search
{
  "query": {
    "bool": {
      "must": [
        {"exists": {"field": "kubernetes.deployment.replicas"}},
        {"range": {"@timestamp": {"gte": "now-30s"}}}
      ]
    }
  }
}

I want to save it for reuse later, but then I figured out that it cannot be saved from the dev console. By googling I read from people that to save it, I need to copy the query into the query input field on the discovery page, and from there, it can be saved.
That's what I am doing, but as soon as it is copied, it executes, and at best it stops with an error, at worst, it runs forever, freezing my Kibana session.
Note that I do not copy over to discovery the GET _search {"query": {}} envelope, but only its content:

    "bool": {
      "must": [
        {"exists": {"field": "kubernetes.deployment.replicas"}},
        {"range": {"@timestamp": {"gte": "now-30s"}}}
      ]
    }

What works in discovery is just:
kubernetes.deployment.replicas.available : *
But I need the complex one as it needs to be further developed.

Did I miss something?
Any suggestions? Has somebody solved that?
Thanks
Jean

There might be some naming mishap happening here.

That query you showed and use in dev-tools is a raw Elasticsearch query-DSL statement.

If you try and copy-paste this into the query-bar, it's not going to work, because it's not a KQL-query. KQL is more of a syntax to write filters.

What you can do is use this in a filter-pill.

In Discover, click "Add filter".

And then use the "exists" setting.

Note that the "range" part is just a time-based expression, so you could use the global time selector (top right) for that.
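
The difference between the two syntaxes discussed in this thread, as an added example (not code from either poster or from Elastic): a small Python translator, with hypothetical function names, that turns the `exists`/`range`/`bool` subset of query DSL used above into text for the Discover query bar. It assumes KQL's `field : *` existence check and its range comparisons with date math, and raises on any clause it cannot express.

```python
import re

# Query DSL range operators and their KQL comparison equivalents.
RANGE_OPS = {"gte": ">=", "gt": ">", "lte": "<=", "lt": "<"}
BARE_VALUE = re.compile(r"[\w.+-]+")  # e.g. 42, now-30s
KEYWORDS = {"and", "or", "not"}

def kql_value(value):
    """Render a value, quoting anything KQL would not read as one bare token."""
    text = str(value)
    if BARE_VALUE.fullmatch(text) and text.lower() not in KEYWORDS:
        return text
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_kql(clause):
    """Translate one query DSL clause (exists, range, bool) into KQL text."""
    if not isinstance(clause, dict) or len(clause) != 1:
        raise ValueError(f"expected exactly one query type, got: {clause!r}")
    (kind, body), = clause.items()
    if kind == "exists":
        return f'{body["field"]} : *'
    if kind == "range":
        (field, bounds), = body.items()
        unknown = set(bounds) - set(RANGE_OPS)
        if unknown:
            raise ValueError(f"range options with no KQL form: {sorted(unknown)}")
        return " and ".join(
            f"{field} {RANGE_OPS[op]} {kql_value(v)}" for op, v in bounds.items())
    if kind == "bool":
        unknown = set(body) - {"must", "filter", "must_not"}
        if unknown:
            raise ValueError(f"bool options not handled here: {sorted(unknown)}")
        parts = []
        for key in ("must", "filter", "must_not"):
            clauses = body.get(key, [])
            for sub in clauses if isinstance(clauses, list) else [clauses]:
                text = to_kql(sub)
                if key == "must_not":
                    text = f"not ({text})"
                elif "bool" in sub:
                    text = f"({text})"
                parts.append(text)
        if not parts:
            raise ValueError("empty bool query")
        return " and ".join(parts)
    raise ValueError(f"no KQL translation for query type {kind!r}")

# The query from the post above, without the GET _search envelope.
POSTED = {"bool": {"must": [
    {"exists": {"field": "kubernetes.deployment.replicas"}},
    {"range": {"@timestamp": {"gte": "now-30s"}}}]}}
```

Calling `to_kql(POSTED)` returns the single-line form of the posted query; the time condition can be dropped from it when the global time selector is used instead.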
