Elastic search query group only data where none of the fields contain x

Tomaz_Bratanic1 · November 7, 2018, 11:23am

The structure of my logs looks like this:

{deviceID:"xx", charger:"xy", date: "yy", battery: 5}

Is it possible to have a ES query that.

Takes last 24h
Excludes devices where any of the log in the last 24h had charger value = 2
Returns logs

I don't know how to do the second step where you exclude all the logs from a single device if any of the logs had a specific value.

Thanks

Jaspreet_Singh · November 7, 2018, 4:20pm

I would try ...

{
  "query": {
    "bool": {
      "filter": {
              "range": {
                "date": {
                  "gte": "now-1d",
                  "lte": "now"
                }
              }
      },
      "must_not": [
        {
          "match": {
            "charger": "2"
          }
        }
      ]
    }
  }
}

Alternatively, you can combine filter for charge field if it is non-analyzed and you dont want to score it, helps with caching too, along with range filter.

system · December 5, 2018, 4:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.