Exclude results in search in kibana

Hi all. Can someone tell me how to exclude search results? There is a field in which there are 2 values (conditionally) - connected and an error. I need to exclude the results when first there is an error and then connected. And leave in the search results with an error.

E.g., let's say you have a product index in which you have 3 columns: product name, manufacturer, price

now in your index you have the following:

| prod_name | manufacturer | price |
| --- | --- | --- |
| Laser | Acme | 2000 |
| Tshirt | Acme | 100 |
| Ball | Technew | 50 |
| Spoon | Technew | 10 |

let's say you want all the products that were NOT manufactured by Acme:

you would query kibana as follows (KQL): NOT manufacturer: "Acme"

| prod_name | manufacturer | price |
| --- | --- | --- |
| Ball | Technew | 50 |
| Spoon | Technew | 10 |

now let's say you want to combine it with another filter, e.g., from the products not manufactured by Acme, you want the ones that are under 40 (KQL): (NOT manufacturer: "Acme") AND price < 40

| prod_name | manufacturer | price |
| --- | --- | --- |
| Spoon | Technew | 10 |

let's say now you want the results below 1000 and above 20 (KQL): price < 1000 AND price > 20

| prod_name | manufacturer | price |
| --- | --- | --- |
| Tshirt | Acme | 100 |
| Ball | Technew | 50 |

if you could post a more specific example, I could help you further, but so far what you are asking is quite generic :)

Thanks for the answer.
I have a text dashboard in kibana, where the fields "time", "ApplicationName", "Livenesscheck" and "message" are displayed. Time is the time of the error, applicationname is the hostname, livenesscheck is the parameters "connection established" and "connection failed", and message is all of that (time, hostname and livenesscheck). I need to show in my dashboard those adapters that gave an error and then did not connect successfully, and if it gives an error and then connects, then all results for this adapter should be hidden.

Hi,
I am facing a similar challenge to the one Romzez has.
I would like to Unique Count the number of userNam that last visited our platform more than a week ago and less than 3 months ago. That's quite simple. I am using the date range aggregation. However, some of those userName also visited the platform in the past week. How do I exclude those duplicate userName that appear in both ranges/buckets? I hope it is clear enough, as English isn't my mother tongue.

Thank you!
Lee

> I have a text dashboard in kibana, where the fields "time", "ApplicationName", "Livenesscheck" and "message" are displayed. Time is the time of the error, applicationname is the hostname, livenesscheck is the parameters "connection established" and "connection failed", and message is all of that (time, hostname and livenesscheck). I need to show in my dashboard those adapters that gave an error and then did not connect successfully,

For this I think it is clear, you just don't want the results that have "connection established" in your dashboard.

(NOT livenesscheck : "connection established")

> and if it gives an error and then connects, then all results for this adapter should be hidden.

I think you need to configure the field at your table, use "last value" for "livenesscheck".

so if it failed first but then succeeded, only the succeeded value would be printed in your table, and then by applying the query you would filter these out, makes sense?

HTH

for that you need to use formulas,

e.g. (sum(price)-sum(price, shift='1y'))/sum(price, shift='1y')

To calculate the difference between the price last year and the price now.

but by using formulas you cannot do top results.

so, your formula would be like

unique_count(userNam) - unique_count(userNam, shift='1w')
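Both questions above (adapters whose liveness check failed and never recovered, and users whose last visit falls in an older range) come down to taking the latest event per entity first and filtering afterwards. The following is an added example, not code from any poster or from Kibana; the sample events, the function names and the 90-day reading of "3 months" are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the thread); field names follow the posts.
EVENTS = [
    {"time": "2024-05-01T10:00:00", "ApplicationName": "adapter-a", "Livenesscheck": "connection failed"},
    {"time": "2024-05-01T10:05:00", "ApplicationName": "adapter-a", "Livenesscheck": "connection established"},
    {"time": "2024-05-01T10:02:00", "ApplicationName": "adapter-b", "Livenesscheck": "connection established"},
    {"time": "2024-05-01T10:07:00", "ApplicationName": "adapter-b", "Livenesscheck": "connection failed"},
    {"time": "2024-05-01T10:03:00", "ApplicationName": "adapter-c", "Livenesscheck": "connection failed"},
]
# Constructed visits for the userName question.
VISITS = [
    {"time": "2024-04-01T09:00:00", "userName": "alice"},  # 30 days before NOW
    {"time": "2024-04-29T09:00:00", "userName": "alice"},  # also seen 2 days before NOW
    {"time": "2024-04-11T09:00:00", "userName": "bob"},    # last seen 20 days before NOW
    {"time": "2023-10-01T09:00:00", "userName": "carol"},  # older than 90 days
]
NOW = datetime.fromisoformat("2024-05-01T09:00:00")

def latest_per_key(events, key):
    """Return {key value: most recent event}, independent of input order."""
    latest = {}
    for ev in events:
        cur = latest.get(ev[key])
        if cur is None or datetime.fromisoformat(ev["time"]) > datetime.fromisoformat(cur["time"]):
            latest[ev[key]] = ev
    return latest

def naive_failed(events):
    """Per-event filter only: every adapter that has any non-established event."""
    return sorted({e["ApplicationName"] for e in events
                   if e["Livenesscheck"] != "connection established"})

def still_failing(events):
    """Adapters whose most recent liveness result is a failure."""
    latest = latest_per_key(events, "ApplicationName")
    return sorted(k for k, ev in latest.items() if ev["Livenesscheck"] == "connection failed")

def lapsed_users(visits, now, min_age=timedelta(weeks=1), max_age=timedelta(days=90)):
    """Users whose LAST visit is older than min_age and newer than max_age."""
    out = []
    for user, ev in latest_per_key(visits, "userName").items():
        age = now - datetime.fromisoformat(ev["time"])
        if min_age < age < max_age:
            out.append(user)
    return sorted(out)

if __name__ == "__main__":
    print(naive_failed(EVENTS), still_failing(EVENTS), lapsed_users(VISITS, NOW))
```

The per-event filter still lists adapter-a because its earlier failure matches on its own; reducing to the latest event per adapter first is what drops it.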

Thank you for trying to help. But this is not quite what I need. Simply put, I need to exclude all the results of the field "a" in the Discover menu if the field "b" is equal to 2.
It's something like "If field A exists and field B = 1, then exclude all results with A field".
For example:

| Name | Count |
| --- | --- |
| a | 1 |
| a | 2 |
| b | 1 |

And I need to hide all results with Name "a", because the count value has changed.

then it would be a : * AND NOT b : 1. This will exclude all documents that have any content in A and B = 1.

Columns cannot be hidden or shown in Discover based on any automated criteria, those are manually added/removed :)

Well, if I create a table in the dashboard, can I make such a condition there, and what would it look like? A custom rule?