I have have data structured in the example of the table below ("-" = null):
transaction-id
field-1
field-2
trans-1
44
-
trans-1
-
12
trans-1
-
5
trans-2
10
-
trans-3
-
20
trans-4
-
-
I would like to filter/query in my searches/discover/visualization for all transaction-ids that have a value in field-1 AND in field-2 when looking/aggregating at the unique transaction-id.
So in this case the expected result from the search query would be all 3 trans-1 entries.
How can I achieve this in Kibana?
If I do KQL: NOT field-1 : null or NOT field-2 : null
I get trans-1, trans-2, trans-3 in my results
If I do KQL: NOT field-1 : null and NOT field-2 : null
I get no results at all
Hi,
thank you for you answer.
Unfortunately this is not the solution I am looking for.
This Search still shows trans-1, trans-2, trans-3 and not just the trans-1 lines.
I think in your document “-“ is actually the litteral value of the field so when you search for field1:* AND field2:* it would still include fields with “-“ so I would try (field1:* AND field2:*) AND NOT (field1:”-“ OR field2:”-“) this would give you all records with values in field1 and field2 and not the “-“ value. I am still confused about your use of transaction_id field so if this query I proposed isnt what you are looking for, can you clarify your final goal with query?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.