Where to add a missing filter in this Kibana search

tbragin · July 4, 2015, 3:55pm

I don't completely understand what you're trying to do - could you explain our use case in more detail?

The Missing Filter in Elasticsearch does the opposite of what you described - it returns documents that are missing a specific field.

In general, if you want to use a Missing Filter query DSL in Kibana, you should wrap the filter into a constant_score query. Instead of inserting this into the .kibana index directly, I'd recommend pasting the JSON directly the search bar in Discover and then saving that query using the UI (see screenshot) -- it's much less error prone. You can then examine the object and see its structure in Settings >> Objects, if you wish (see mine below).

{
  "index": "logstash-*",
  "query": {
    "constant_score": {
      "filter": {
        "missing": {
          "field": "bytes"
        }
      }
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  },
  "filter": []
}

Topic		Replies	Views
How do I perform a missing query search? Kibana	3	563	July 6, 2017
How to filter for field with value NULL? Kibana	4	28642	September 26, 2019
Match an empty field in kibana Kibana	4	30823	May 22, 2019
Filter by empty or non-existing field Kibana	2	16544	January 19, 2017
Filter document with not null value in Kibana Discover. Should I use "exist", but it still return me docs with empty field Kibana	4	20163	March 23, 2021

Where to add a missing filter in this Kibana search

Related topics