Using wildcard and must_not to search

geeky_human · January 16, 2023, 10:36am

Hi,

I’m new to ELK. For searching, I’m using dev tools in kibana. I want to find all the results that do not match a wildcard term.

"must_not": [
    {"wildcard": {
      "agent.keyword": {"value":"python*"}
    }}]

It returns "[must_not] query malformed, no start_object after query name"

Can we use must_not with wildcard statement?

RabBit_BR · January 16, 2023, 11:12am

Hi @geeky_human

Are you using the "must_not" inside the Bool Query?

{
  "query": {
    "bool": {
      "must_not": [
        {
          "wildcard": {
            "agent.keyword": {
              "value": "python*"
            }
          }
        }
      ]
    }
  }
}

Topic		Replies	Views
Using must_not and wildcard to search Elasticsearch	6	16142	July 3, 2018
Using wildcard in must_not is not working Elasticsearch	1	325	August 25, 2021
X_content_parse_exception Elastic Search elastic-app-search	4	2728	February 2, 2024
Wildcard conflicting Elasticsearch	1	209	April 25, 2022
Elasticsearch Query Elasticsearch eql-elastic-query-language	4	260	December 28, 2023

Using wildcard and must_not to search

Related topics