Is there any way to exclude something when running a composite?
trying to get all my Src_IP addresses from all my sources except from one and I am trying to exclude that.
Any recommendations?
I can't use a quarry or I will duplicate my data on export by multiple factors.
example of my search
GET /logstash-*/_search?
{
"size" : 0,
"aggs" : {
"my_buckets": {
"composite" : {
"sources" : [
{ "Feild1": { "terms": {"field1": "Feild1.keyword", "order": "asc" } } },
{ "Feild2": { "terms": {"field2": "Feild2.keyword", "order": "asc" } } },
{ "Feild3": { "terms": {"field3": "Feild3.keyword", "order": "asc" } } },
{ "Feild4": { "terms": {"field4": "Feild4.keyword", "missing" : "_missing_", "order": "asc" } } },
{ "Feild5" :{ "terms": {"field5": "Feild5.keyword","order": "asc"}}}
]
}
}
},
"post_filter": {
"bool": {
"term": {
"Feild5.keyword": "Specific subset I want to exclude"
}
}
}
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.