hello,
I'm wanting to filter out Alexa top 500 DNS queries for a word cloud. For example:
{
"query": {
"bool": {
"should": [
{
"match_phrase": {
"dns_query.keyword": "google.com"
}
},
{
"match_phrase": {
"dns_query.keyword": "google.com"
}
},
{
"match_phrase": {
"dns_query.keyword": "googleads.g.doubleclick.net"
}
}
],
"minimum_should_match": 1
}
}
}
However I have 500 URL's to filter. Is there a way to add all URL's to filter?
Hey @I_like_dogs, you can use a "must_not" query to filter out items that don't match the items in an array ala:
{
"query": {
"bool": {
"must_not": [
{
"terms": {
"netflow.dst_port": [
"53",
"443"
]
}
}
]
}
}
}
You can look up terms you want to use in your filter from a document in an elasticsearch index. See the documentation for an example.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.