Must_not field exists query returning documents with those fields excluded

SergiSolet · May 16, 2018, 2:43pm

Hi all, I don't know if it is a bug, but it seems to me or I am missing something maybe too.
I am performing a search query using the rest API of ES. I am using 5.6.8, the body query is the following (the involved part):

{
"query": {
"bool": {
"must_not": [
{
"exists": {
"field": "event.KPI.TimeE1.Value"
}
},
{
"exists": {
"field": "event.KPI.TimeE2.Value"
}
}
]....

in return Elasticsearch give a document with one or more of those fields that in theory I am excluding:
"_source": {
"@timestamp": "2018-05-15T05:46:22.733Z",
"@version": "1",
"event": {
"KPI": {
"TimeE2": {
"Value": "2018-05-15T05:46:20.000+0000"
},.....

Is this because the must_not clause is applying an OR operator instead of an AND? Can achieve the same result in Lucene Expression? I have tried but I couldn't.

RahulD · May 16, 2018, 8:04pm

You should try rewriting the query as follows:

"query" : {
  "bool" : {
    "must" : [
        {
            "bool" : {
				"must_not" : [
					{
						#first clause
					}
				]
			}
        },
		{
			"bool" : {
				"must_not" : [
					{
						#second clause
					}
				]
			}
		}
    ]
}
}

Hope that helps.

SergiSolet · May 18, 2018, 11:12am

Worked perfectly, thank you Rahul, many thanks..

system · June 15, 2018, 11:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to do "where field1 exists or field2 does not exist" Elasticsearch	3	54314	September 5, 2017
Query question: must not match anything but xyz Elasticsearch	2	940	July 6, 2017
Using must and must_not on same field Elasticsearch	3	2187	November 19, 2018
Not exists query Elasticsearch	4	31265	October 12, 2021
Must_not with exists query on nested object returns excluded field Elasticsearch kql-kibana-query-language	2	468	November 9, 2022

Must_not field exists query returning documents with those fields excluded

Related Topics