Excluding result from the search

Elastic Stack Elasticsearch
1

I want to that some terns are excluded from the search, this is de cod:

GET /imsva_message/_search 
{ 
"size": 0,
"aggs" : { 
    "aggdata" : { 
        "filter": { 
          "range": {
            "data1": {
              "from": "now-15m",
              "to": "now"
            }
          }
        },
        "aggs" : { 
          "aggremetente" : { 
            "terms" : { 
              "field" : "remetente.keyword",
              "min_doc_count":50  
            }
          }
        } 
    } 
} 
}

and this is the result:

{
"took" : 227,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 3188121,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"aggdata" : {
  "doc_count" : 1254,
  "aggremetente" : {
    "doc_count_error_upper_bound" : 5,
    "sum_other_doc_count" : 309,
    "buckets" : [
      {
        "key" : "xxx@xxx.xxx.xxx",
        "doc_count" : 464
      },
      {
        "key" : "yyy.yyy@yyy.yyy.yyy",
        "doc_count" : 159
      },
      {
        "key" : "zzz@zzz.zzz.zzz",
        "doc_count" : 50
      }
    ]
  }
}
}
}

how do I do for the result to be:

{
"took" : 227,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 3188121,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"aggdata" : {
  "doc_count" : 1254,
  "aggremetente" : {
    "doc_count_error_upper_bound" : 5,
    "sum_other_doc_count" : 309,
    "buckets" : [
      {
        "key" : "yyy.yyy@yyy.yyy.yyy",
        "doc_count" : 159
      },
      {
        "key" : "zzz@zzz.zzz.zzz",
        "doc_count" : 50
      }
    ]
  }
}
}
}

removing the term :

{
        "key" : "xxx@xxx.xxx.xxx",
        "doc_count" : 464
}

of search, or removing any other terms for the search?

2

Hi @schneider,

If you want to exclude all "remetente" value that are not yyy.yyy@yyy you can use a term query:
https://www.elastic.co/guide/en/elasticsearch/reference/7.2/query-dsl-term-query.html
Where your term will be equal to yyyy....

Or if you want to exclude some terms like xxx or zzzz you can use the terms query encapsulated inside a bool must not.

https://www.elastic.co/guide/en/elasticsearch/reference/7.2/query-dsl-terms-query.html
https://www.elastic.co/guide/en/elasticsearch/reference/7.2/query-dsl-bool-query.html

3

Thx gabriel

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.