0

I have a problem retrieving all the docs, that do not have corresponding other logs by field value. I would appreciate any help given. The easiest to explain is with an example:

I have the following 5 docs:

DOC1:

{
     message: **Step1**,
     id: 100
}

DOC2:

{
     message: **Step2**,
     id: 100
}

DOC3:

{
     message: **Step1**,
     id: 200
}

DOC4:

{
     message: **Step2**,
     id: 300
}

DOC5:

{
     message: **StepX**,
     id: 400
}

So what I would like as a response from a query, would be all the docs, where Step1 does not have the corresponding Step2, where id value is the same. In the example below, this is (RESPONSE I WANT): DOC3:

{
     message: Step1,
     id: 200
}

What I tried so far is not the result I would like. This returns count of docs by id and ascending order, but since we have many other Steps, this is not ok, and results with count 1 will not be always correct.

GET index/_search
{
      "size": 0, 
      "aggs" : {
          "langs" : {
              "terms" : { 
                    "field" : "id",  
                    "size" : 10, 
                    "order": {
                      "_count": "asc"
                     }
               }
          }
     } 
}

MORE DETAILS In response, I need docs, that does not have 2 docs related with one id field (each result should have only 1 doc with related id and message=Step1).

Improve this question
2
  • Which field(message/id) value? Commented Jun 19, 2019 at 11:49
  • @Suresh For the result, I would need all the docs, where "Step2" value is missing on "message" field with "id" field of value "x" -> in above example this is 200. Commented Jun 19, 2019 at 11:56

1 Answer 1

Reset to default
0

Try this...

{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "id": "x"
          }
        }
      ],
      "must_not": [
        {
          "exists": {
            "field": "message"
          }
        }
      ]
    }
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This would be ok if I would have those ids (x in this example). I want this dynamic. It means that I will get docs for each id, that does not have the corresponding message. And btw, field "message" must always exist. I need docs, that does not have 2 docs related with one id field (one with message=Step1, another with message=Step2)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.