Query to exclude multiple wildcard values from single field

Hi all,

I'm trying to do something that should be relatively straightforward.

In Kibana, I want to exclude all CSS, PNG and SVG files from my app.req.destination field.

I've tried... -app.req.destination:"*\.css" -app.req.destination:"*\.svg" and NOT app.req.destination:"*\.css" OR NOT app.req.destination:"*\.png" etc.

These don't seem to work; the number of results definitely drops but if I scroll down the logs I still see requests with these destinations.

Where am I going wrong?

You need to use the AND operator instead of the OR operator. The default operator is OR.

Below is an example that queries the kibana_sample_data_logs index. The example is in the visualize app and runs a terms aggregation against the request field. This makes it easy to see what is getting filtered out.

These are the top results with no filter.

These are the results with the filter using OR. Notice that zip and rpm results are still displayed. That is because documents that contain a request of .zip match one part of the OR query so they return true.

Finally, the results with the filter using AND. This is what you want.

Thank you Nathan. This worked nicely, although the lowercase "not" didn't work at all on my instance...??

NOT app.req.destination : *css AND NOT app.req.destination : *png AND NOT app.req.destination : *svg AND NOT app.req.destination : *wof* AND NOT app.req.destination : *js AND NOT app.req.destination : *.ico

I swear I did this, by the way... so I'm not sure where I went wrong, but hey ho :smiley:
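The OR-versus-AND behaviour discussed in this thread, as an added example that is not part of the original posts: a local Python emulation of both filters, plus the equivalent Elasticsearch `bool`/`must_not` query. The sample destinations are constructed, the helper names are hypothetical, and whole-value wildcard matching (as on a keyword field) is assumed.

```python
from fnmatch import fnmatchcase

# Constructed sample values for app.req.destination (not taken from the thread).
DESTINATIONS = [
    "/static/site.css",
    "/img/logo.png",
    "/img/icon.svg",
    "/api/login",
    "/download/report.pdf",
]

# Three of the wildcard patterns used in the thread's final query.
PATTERNS = ["*css", "*png", "*svg"]


def or_of_nots(value, patterns):
    """NOT p1 OR NOT p2 ...: true unless the value matches every pattern."""
    return any(not fnmatchcase(value, p) for p in patterns)


def and_of_nots(value, patterns):
    """NOT p1 AND NOT p2 ...: true only if the value matches no pattern."""
    return all(not fnmatchcase(value, p) for p in patterns)


def run_filter(predicate, values=DESTINATIONS, patterns=PATTERNS):
    """Return the values a filter keeps, in their original order."""
    return [v for v in values if predicate(v, patterns)]


def must_not_query(field, patterns):
    """Query DSL form of the AND filter: one wildcard clause per pattern."""
    clauses = [{"wildcard": {field: {"value": p}}} for p in patterns]
    return {"bool": {"must_not": clauses}}


if __name__ == "__main__":
    # A .css value is "not *png", so the OR filter keeps it (and everything else).
    print("OR keeps :", run_filter(or_of_nots))
    # Only values matching none of the patterns survive the AND filter.
    print("AND keeps:", run_filter(and_of_nots))
    print(must_not_query("app.req.destination", PATTERNS))
```

With more than one distinct extension pattern, the OR filter can never exclude anything, because no single value ends in all of the extensions at once.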
