shantanuo
Reputation: 32296
Adding where clause to aggregate query
This is the query kibana has generated and it works as expected. But I want to add one more where clause to the query. The eventname should not start with "Describe" or "List".
{
"size": 0,
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "*",
"analyze_wildcard": true
}
},
{
"range": {
"@timestamp": {
"gte": 1490867646696,
"lte": 1493459646696,
"format": "epoch_millis"
}
}
}
],
"must_not": []
}
},
"_source": {
"excludes": []
},
"aggs": {
"2": {
"terms": {
"field": "eventName.keyword",
"size": 5000,
"order": {
"_count": "desc"
}
}
}
}
}
Update: I am not sure if this will correctly exclude the records.
"must_not": [
{
"prefix" : { "eventName.keyword" : "Describe" }
},
{
"prefix" : { "eventName.keyword" : "List" }
}
]
How to get this query back into kibana?
Upvotes: 0
Views: 128
Answers (1)
avr
Reputation: 4883
You can achieve the expected results either of following ways:
Method-1: Customizing existing query_string query
Replace default query_string query * from Kibana search bar with following query string:
!(eventName.keyword: Describe* OR eventName.keyword: List*)
Method-2: Adding filters in Kibana
- Add filter in Kibana as described here
- Then edit the filter and replace whole filter with following code:
`
{
"query": {
"bool": {
"must_not": [
{
"prefix": {
"eventName.keyword": "Describe"
}
},
{
"prefix": {
"eventName.keyword": "List"
}
}
]
}
}
}
`
Upvotes: 1
Related Questions
- Is it possible to run an elasticsearch aggregation query in Kibana?
- filtering an elasticsearch query by aggregations
- Aggregation on query in Elasticsearch
- Elasticsearch Group by query with custom aggregation logic
- Elasticsearch filter after aggregation
- ElasticSearch: Aggregating on field key
- Elasticsearch aggregation and filters
- Elastic Search Sum aggregation with group by and where condition
- Elasticsearch filter in Aggregation data
- Elasticsearch: how to scope aggregations to your query and filter?