How can I use a boolean query with a filter that checks for strings that "do not end with", "does not start with" and "does not contain" a certain string,

sebbpp · October 9, 2024, 11:35pm

I am trying to get a query that help me out to get the records where

tsv3message.connection.helo does not contain "dm3" string
tsv3message.connection.host does not start with "qak" string
tsv3message.connection.host does not end with "no_sid" string

GET /_search 
{
  "size": 100,
  "query": {
    "bool": {
      "filter": [
        {
          "wildcard": {
            "tsv3message.connection.helo": {
              "value": "*dm3*"
            }
          }
        },
        {
          "wildcard": {
            "tsv3message.connection.host": {
              "value": "qak*"
            }
          }
        },
        {
          "wildcard": {
            "tsv3message.connection.sid": {
              "value": "*no_sid"
            }
          }
        },
        {
          "range": {
            "tsv3message.esTimestamp": {
              "gte": "2024-10-09T00:00:00",
              "lte": "2024-10-09T23:59:59",
              "format": "yyyy-MM-dd'T'HH:mm:ss"
            }
          }
        }
      ]
    }
  }
}

Any help is really appreciated

Topic		Replies	Views
Can't get boolean logic in Kibana filters to work Kibana	8	1833	July 6, 2017
Filtering with wildcard Kibana	2	168	May 27, 2024
Filter contain string in Kibana 5.6 Kibana	2	5036	October 23, 2017
I want to use filter: "NOT FIELD exists" in TSVB Kibana	3	939	March 13, 2020
Filtering in Kibana Kibana	14	31066	February 28, 2017

How can I use a boolean query with a filter that checks for strings that "do not end with", "does not start with" and "does not contain" a certain string,

Related topics