I have a JSON document in ES like this:
{
  "indicators":
  {
    "i1": { ... }
  },
  {
    "i2": { ... }
  }
}
indicators is a map from string key to object. I need to select the documents which contain a particular key.
Trying to query it like this from Kibana UI:
indicators.i2 :*
But this doesn't work. What is the correct query in such a case?
As far as I can understand, you need to get those documents that contain a particular field (in your case, suppose the field is indicators.i1).
To achieve the required results, you need to use an exists query.
Adding a working example with index data and search query.
Index Data:
POST tidx/_doc/1
{
  "indicators": [
    {
      "i1": {
        "city": "indore"
      }
    },
    {
      "i2": {
        "city": "bangalore"
      }
    }
  ]
}

POST tidx/_doc/2
{
  "indicators": [
    {
      "i2": {
        "city": "bangalore"
      }
    }
  ]
}
Search Query:
POST tidx/_search
{
  "query": {
    "exists": {
      "field": "indicators.i1"
    }
  }
}
Search Response:
"hits" : [
  {
    "_index" : "tidx",
    "_type" : "_doc",
    "_id" : "1",
    "_score" : 1.0,
    "_source" : {
      "indicators" : [
        {
          "i1" : {
            "city" : "indore"
          }
        },
        {
          "i2" : {
            "city" : "bangalore"
          }
        }
      ]
    }
  }
]
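
A simplified Python model of the matching rule behind the exists query above, added here as an illustration (it is not Elasticsearch code and not part of the original answer). It assumes the default object mapping, where arrays are flattened so that indicators.i1 matches when any array element carries an indexed value under that key, and where null values and empty arrays do not count as existing. The names leaf_paths, exists and search_exists, and document "3", are constructed for the example.

```python
# Simplified model of how an `exists` query decides whether a field is present.
# Assumption: default (non-nested) object mapping.


def leaf_paths(value, prefix=""):
    """Yield the dotted path of every indexed leaf value in a document.

    Arrays are transparent: objects inside them share the parent's path.
    Null values, empty arrays and empty objects produce no path at all.
    """
    if isinstance(value, dict):
        for key, child in value.items():
            path = f"{prefix}.{key}" if prefix else key
            yield from leaf_paths(child, path)
    elif isinstance(value, list):
        for item in value:
            yield from leaf_paths(item, prefix)
    elif value is not None:
        yield prefix


def exists(doc, field):
    """True if `field`, or any sub-field below it, holds an indexed value."""
    return any(p == field or p.startswith(field + ".") for p in leaf_paths(doc))


def search_exists(index, field):
    """Return the sorted ids of the documents that match exists(field)."""
    return sorted(doc_id for doc_id, doc in index.items() if exists(doc, field))


# Documents 1 and 2 are the ones indexed in the answer.
# Document 3 is constructed: the key i1 is present but its only leaf is null.
TIDX = {
    "1": {"indicators": [{"i1": {"city": "indore"}}, {"i2": {"city": "bangalore"}}]},
    "2": {"indicators": [{"i2": {"city": "bangalore"}}]},
    "3": {"indicators": [{"i1": {"city": None}}]},
}

if __name__ == "__main__":
    for field in ("indicators.i1", "indicators.i2", "indicators"):
        print(field, "->", search_exists(TIDX, field))
```

Document 3 shows the case that most often surprises people: a key that appears in _source but holds only null is not matched by exists.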