elasticsearch / kibana 4: field exists but is not equal to a value

Question

elasticsearch version 1.4.5

kibana 4.1.1

logstash 1.5.2-1

How do I structure a search in the discover tab of kibana 4 that only returns results if a field exists but is not equal to a specific value?

I have some apache log data in logstash and I want to return all entries that have status_code defined but not equal to 200. So if the possible values are {undefined, 200, 403, 404, 500, etc} I would like to see all variants of 4xx and 5xx errors but not messages where the field is not defined and not where it is set to 200.

I have tried the following:

+status_code: (*) -status_code: (200)  ((status_code: (*) AND NOT status_code: (200)) 

I also see references to elasticsearch curl queries but I'm not sure how to turn them into something that I can use in the kibana search bar. Here is an example:

{   "query": {     "constant_score": {       "filter": {         "bool": {           "must": {             "exists": {               "field": "status_code"             }           },           "must_not": {             "term": {               "status_code": '200'             }           }         }       }     }   } } 

Thanks!

Answer 1

The query you're looking for is this one:

_exists_:status_code AND NOT status_code:200 

This link shows you all what's supported by query string queries.