How can I use a boolean query with a filter that checks for strings that "do not end with", "does not start with" and "does not contain" a certain string,

sebbpp · October 9, 2024, 11:35pm

I am trying to get a query that help me out to get the records where

tsv3message.connection.helo does not contain "dm3" string
tsv3message.connection.host does not start with "qak" string
tsv3message.connection.host does not end with "no_sid" string

GET /_search 
{
  "size": 100,
  "query": {
    "bool": {
      "filter": [
        {
          "wildcard": {
            "tsv3message.connection.helo": {
              "value": "*dm3*"
            }
          }
        },
        {
          "wildcard": {
            "tsv3message.connection.host": {
              "value": "qak*"
            }
          }
        },
        {
          "wildcard": {
            "tsv3message.connection.sid": {
              "value": "*no_sid"
            }
          }
        },
        {
          "range": {
            "tsv3message.esTimestamp": {
              "gte": "2024-10-09T00:00:00",
              "lte": "2024-10-09T23:59:59",
              "format": "yyyy-MM-dd'T'HH:mm:ss"
            }
          }
        }
      ]
    }
  }
}

Any help is really appreciated

Topic		Replies	Views
Filtering with wildcard Kibana	2	160	May 27, 2024
Query with NOT logic doesn't work in Kibana 6.5 Kibana	4	993	March 29, 2019
[Kibana] - Add filter using specific regex Kibana	4	4061	April 12, 2019
Query Kibana for strings WITHOUT commas? Kibana kql-kibana-query-language	2	617	September 5, 2023
Search string in a text Kibana	8	6073	July 11, 2018

How can I use a boolean query with a filter that checks for strings that "do not end with", "does not start with" and "does not contain" a certain string,

Related Topics