DSL Query to search in message field for some value and it must not contain something else

Elastic Stack Elasticsearch
1

Trying to come up with a query to search "message" field for something like "Hello" and also the field must not contain strings like "Test" "TestProcess". "UpdatingTestProcess"
Below are sample messages:

Message: Hello TestProcess is initiated.
Message: Hello SomeOtherProcess is initiated.
Message: UpdatingTestProcess is processing Hello data.
Message: SomeOtherProcess is processing Hello data.
Message: Hello TestUpdateProcess is successful in process Hello data.
Message: SomeOtherProcess is successful in process Hello data.
Message: Waiting for processes to complete their work.

Hello is there in all the above message except last messages and I am only interested in fetching message 2, 4 and 6 and ignore message 1, 3, and 5 which contain "Test" string. I also ignore last message as it doesn't contain "Hello" String

I tried below query but it didn't work and it is fetching message 1 through 6 and ignoring just 7th message.

{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "message": {
              "query": "Hello"
            }
          }
        }
      ],
      "must_not": [
        {
          "terms": {
            "message": [
              {
                "query": "Test"
              }
            ]
          }
        }
      ]
    }
  }
}
2

Welcome. It's because Test does not match TestProcess as they are not analyzed the same way.

You need to change the analyzer or use a this type: Keyword type family | Elasticsearch Guide [7.14] | Elastic to run wildcard queries instead.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.