Create alias using filter to exclude certain value

reswob · March 8, 2018, 5:45pm

According to Aliases API | Elasticsearch Guide [8.11] | Elastic, I can create an alias for certain events in an index, like all events with a certain tag. I would like to create an alias for all events in an index WITHOUT that tag. I'm having trouble finding the exact syntax for to do that.

POST /_aliases
{
"actions" : [
{
"add" : {
"index" : "test1",
"alias" : "alias2",
"filter" : { "term" : { "user" : "kimchy" } }
}
}
]
}

Should it be "filter": {"not": { "term" : { "user" : "kimchy" } } } ?

Thanks

dadoonet · March 8, 2018, 8:31pm

Use a bool query with a must_not clause.

reswob · April 3, 2018, 1:31pm

This worked.

Sorry for the delay in response, I finally got to test this answer.

More details and syntax here: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html#filtered

system · May 1, 2018, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.