I've got a query that gives 178 results, and it ends with me filtering down to a single field, which by itself works fine.
| fields url
I then want to remove the internal fields, like _time and _raw , as I want to both export the data to csv with only this field, and I want to be able to do set intersect comparisons that only compare on the one field.
If I try piping this to fields to remove the internal fields, like either of the following, I get zero results
| fields url | fields - _*
| fields url | fields - _raw,_time
I've noticed that if I include _time in the fields parameter, that's when my results go to zero.
Any suggestions?
... View more