elasticsearch / kibana 4:字段存在但不等于值
[英]elasticsearch / kibana 4: field exists but is not equal to a value
问题描述
elasticsearch version 1.4.5 
elasticsearch版本1.4.5
kibana 4.1.1 kibana 4.1.1
logstash 1.5.2-1 logstash 1.5.2-1
How do I structure a search in the discover tab of kibana 4 that only returns results if a field exists but is not equal to a specific value? 如何在kibana 4的discover选项卡中构建搜索,只有在字段存在但不等于特定值时才返回结果?
I have some apache log data in logstash and I want to return all entries that have status_code defined but not equal to 200. So if the possible values are {undefined, 200, 403, 404, 500, etc} I would like to see all variants of 4xx and 5xx errors but not messages where the field is not defined and not where it is set to 200. 我在logstash中有一些apache日志数据,我想返回所有已定义status_code但不等于200的条目。因此,如果可能的值为{undefined,200,403,404,500等}我希望看到所有4xx和5xx错误的变体,但没有定义字段的消息,而不是设置为200的消息。
I have tried the following: 我尝试过以下方法:
+status_code: (*) -status_code: (200)
((status_code: (*) AND NOT status_code: (200))
I also see references to elasticsearch curl queries but I'm not sure how to turn them into something that I can use in the kibana search bar. 我也看到了对elasticsearch curl查询的引用,但我不知道如何将它们变成我可以在kibana搜索栏中使用的东西。 Here is an example: 这是一个例子:
{
"query": {
"constant_score": {
"filter": {
"bool": {
"must": {
"exists": {
"field": "status_code"
}
},
"must_not": {
"term": {
"status_code": '200'
}
}
}
}
}
}
}
Thanks! 谢谢!
2 个解决方案
解决方案1
54 已采纳 2015-09-10 02:28:08
解决方案2
5 2015-09-10 21:07:19
之前的答案正是我所要求的,但是,这也很有用:
status_code:[300 TO 600]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.