Query must and must_not

pjanzen · October 4, 2018, 6:57am

Hi All,

I am working on the below query and my perception of the output is that the domain.keyword produced by the must_not is excluded from the output. Is that correct?

{
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
                    "query": "source_affiliate:xxxx AND tags:cmgw AND action:P6* AND NOT action:*SPAM* AND _exists_:hdr_subject AND cm_score: [0 TO 90] AND NOT dkim:pass* AND NOT dmarc:pass* AND NOT hdr_subject.keyword:\"Mail delivery failed: returning message to sender\" AND NOT hdr_subject.keyword:\"Undelivered Mail Returned to Sender\"",
                    "analyze_wildcard": false
                  }
        }
      ],
      "must_not": [
        {
          "query_string": {
            "default_field": "domain.keyword", 
            "query": "cm_score:[100 TO 1000]"
          }
        }
      ]
    }
  }
}

fkelbert · October 5, 2018, 4:59am

Hi @pjanzen,

Any documents which match this query

          "query_string": {
            "default_field": "domain.keyword", 
            "query": "cm_score:[100 TO 1000]"
          }

will not be part of the result set.

See Bool query.

system · November 2, 2018, 5:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.