According to https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html#filtered, I can create an alias for certain events in an index, like all events with a certain tag. I would like to create an alias for all events in an index WITHOUT that tag. I'm having trouble finding the exact syntax for to do that.

POST /_aliases
{
"actions" : [
{
"add" : {
"index" : "test1",
"alias" : "alias2",
"filter" : { "term" : { "user" : "kimchy" } }
}
}
]
}

Should it be "filter": {"not": { "term" : { "user" : "kimchy" } } } ?

Thanks

Use a bool query with a must_not clause.

This worked.

Sorry for the delay in response, I finally got to test this answer.

More details and syntax here: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html#filtered

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.