Elastic search query group only data where none of the fields contain x

Tomaz_Bratanic1 · November 7, 2018, 11:23am

The structure of my logs looks like this:

{deviceID:"xx", charger:"xy", date: "yy", battery: 5}

Is it possible to have a ES query that.

Takes last 24h
Excludes devices where any of the log in the last 24h had charger value = 2
Returns logs

I don't know how to do the second step where you exclude all the logs from a single device if any of the logs had a specific value.

Thanks

Jaspreet_Singh · November 7, 2018, 4:20pm

I would try ...

{
  "query": {
    "bool": {
      "filter": {
              "range": {
                "date": {
                  "gte": "now-1d",
                  "lte": "now"
                }
              }
      },
      "must_not": [
        {
          "match": {
            "charger": "2"
          }
        }
      ]
    }
  }
}

Alternatively, you can combine filter for charge field if it is non-analyzed and you dont want to score it, helps with caching too, along with range filter.

Topic		Replies	Views
Looking for data in Kibana Logstash kql-kibana-query-language	5	316	August 23, 2023
I want to except results on a specific date from elastic aggregation Elasticsearch	0	317	January 31, 2021
Query help request Elasticsearch	1	502	April 21, 2017
No data without filter but it works with filter Elasticsearch	0	353	March 26, 2019
Problem Query ElasticSearch Elasticsearch	2	563	April 19, 2017

Elastic search query group only data where none of the fields contain x

Related topics