Using wildcard and must_not to search

geeky_human · January 16, 2023, 10:36am

Hi,

I’m new to ELK. For searching, I’m using dev tools in kibana. I want to find all the results that do not match a wildcard term.

"must_not": [
    {"wildcard": {
      "agent.keyword": {"value":"python*"}
    }}]

It returns "[must_not] query malformed, no start_object after query name"

Can we use must_not with wildcard statement?

RabBit_BR · January 16, 2023, 11:12am

Hi @geeky_human

Are you using the "must_not" inside the Bool Query?

{
  "query": {
    "bool": {
      "must_not": [
        {
          "wildcard": {
            "agent.keyword": {
              "value": "python*"
            }
          }
        }
      ]
    }
  }
}

system · February 13, 2023, 11:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using must_not and wildcard to search Elasticsearch	6	15965	July 3, 2018
Using wildcard in must_not is not working Elasticsearch	1	309	August 25, 2021
Match query with Wildcards Elasticsearch	1	438	July 6, 2017
Must not query not working Elasticsearch	9	11447	December 29, 2017
Error: bool query does not support [must-not] Elasticsearch elastic-stack-alerting	3	3155	July 6, 2017

Using wildcard and must_not to search

Related topics