无法使用"OR"带有"NOT _exists_"的字样；在Kibana 6.8.0搜索栏中 [英] Cannot use "OR" with "NOT _exists_" in Kibana 6.8.0 search bar

问题描述

我正在尝试在Kibana搜索栏中创建一个查询以检索某些特定文档. 目标是获取在2019-10-08之前具有字段"myDate"或不存在"myDate"的文档. 我的文件符合一个或另一个条件.

I am trying to create one query in the Kibana search bar to retrieve some specific documents. The goal is to get the documents that either have the field "myDate" before 2019-10-08 or "myDate" does not exist. I have documents that meet one or the other condition.

我首先创建了此查询:

    myDate:<=2019-10-08 OR NOT _exists_:myDate

但是没有退回任何文件.

But no documents were returned.

由于它不起作用，我尝试了一些其他在线查找方法:

Since it did not work, I tried some other ways i found online :

    myDate:<=2019-10-08 OR NOT (_exists_:myDate)
    myDate:<=2019-10-08 OR !(_exists_:myDate)
    myDate:<=2019-10-08 OR NOT (myDate:*)

但仍然没有结果.

当我使用"OR"条件的部分"时，它可以正常工作:我得到的文档具有myDate< = 2019-10-08或没有填写"myDate"字段的文档.

When I use either "part" of the "OR" condition, it works perfectly : I get either the documents who have myDate<=2019-10-08 or the ones that do not have a "myDate" field filled.

但是当我同时尝试这两种情况时，我没有得到任何文件.

But when I try with both conditions, I get no document.

我只需要使用搜索栏来查找这些文档，既不能使用elasticsearch rest查询，也不必使用kibana过滤器.

I have to use only the search bar to find these documents, neither an elasticsearch rest query nor by using kibana filters.

谢谢您的帮助:)

推荐答案

以下查询有效.使用kibana中的Inspect按钮查看实际触发了哪些查询，并确保您还使用了正确的索引模式.

Below query works. Use Inspect button in kibana to see what query is actually being fired and make sure you are using correct index pattern as well.

(myDate:<=2019-12-31) OR (NOT _exists_:myDate)

看看

Take a look at Query DSL documentation for Boolean operators for more better understanding with different use cases

这篇关于无法使用"OR"带有"NOT _exists_"的字样；在Kibana 6.8.0搜索栏中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！