Member_2_7964647
ElasticSearch Filter Query
I'm running an ElasticSearch query that pulls the users in the subject field along with their doc counts; it gives the output shown below, after the query. I want to omit certain users in the subject field from the query results.
QUERY:
# Search body fragment as pasted from the asker's Python client: it uses the
# Python literal True and the variables mns / nns, and the enclosing dict
# braces are not shown.
# NOTE(review): the "filtered" query and a terms "size" of 0 belong to older
# Elasticsearch releases (before 5.0) - confirm the cluster version.
"query": {
"filtered": {
# Scored part: free-text query_string search for "neo".
"query": {
"query_string": {
"analyze_wildcard": True,
"query": "neo",
}
},
# Filter part: every clause listed under "must" has to match.
"filter": {
"bool": {
"must": [
{
# Phrase match keeping only documents whose X-Apex-Request-Source
# field is "internal".
"query": {
"match": {
"X-Apex-Request-Source": {
"query": "internal",
"type": "phrase",
}
}
}
},
{
# Time window on @timestamp; mns and nns are defined outside this
# snippet, so their format is not visible here.
"range": {
"@timestamp": {
"gte" : mns,
"lte" : nns
}
}
}
],
# Empty, so no document is excluded. Clauses added here drop the matching
# documents from the whole result (hits total and aggregation buckets alike);
# the terms aggregation's own "exclude" option would hide only buckets.
# NOTE(review): excluded subjects vanish from the counts, so record the
# exclusion list alongside any report built from this query.
"must_not": []
}
}
}
},
# Return no hit documents, only the aggregation results.
"size":0,
"aggs": {
# Aggregation named "4": one bucket per distinct "subject" term, ordered by
# document count, highest first.
"4": {
"terms": {
# NOTE(review): per the mapping on this page "subject" has no "index" setting
# while "subject.raw" is not_analyzed; if "subject" is analyzed, buckets are
# tokens rather than whole values - confirm which field is intended.
"field": "subject",
# A size of 0 asks for all buckets rather than a top-N in older releases.
"size": 0,
"order": {
"_count": "desc"
}
}
}
}
RESULT:
{'_shards': {'failed': 0, 'successful': 185, 'total': 185},
'aggregations': {'4': {'buckets': [{'doc_count': 127,
'key': '__unauthenticated__'},
{'doc_count': 109, 'key': 'zkeaty'},
{'doc_count': 67, 'key': 'bfoo'},
{'doc_count': 66, 'key': 'rthomason'},
{'doc_count': 57, 'key': 'btolman'},
{'doc_count': 31, 'key': 'jcameron'},
{'doc_count': 29, 'key': 'atlas'},
{'doc_count': 11, 'key': 'jtorres'},
{'doc_count': 10, 'key': 'moxley'},
{'doc_count': 8, 'key': 'zmartell'},
{'doc_count': 4, 'key': 'jpyle'},
{'doc_count': 4, 'key': 'tjones'},
{'doc_count': 3, 'key': 'jpatterson'},
{'doc_count': 1, 'key': 'jrodriguez'},
{'doc_count': 1, 'key': 'kkalita'},
{'doc_count': 1, 'key': 'mubis'},
{'doc_count': 1, 'key': 'smcingvale'}],
'doc_count_error_upper_bound': 0,
'sum_other_doc_count': 0}},
'hits': {'hits': [], 'max_score': 0.0, 'total': 530},
'timed_out': False,
'took': 451}
MAPPING:
"subject" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
},
QUERY:
# Search body fragment as pasted from the asker's Python client: it uses the
# Python literal True and the variables mns / nns, and the enclosing dict
# braces are not shown.
# NOTE(review): the "filtered" query and a terms "size" of 0 belong to older
# Elasticsearch releases (before 5.0) - confirm the cluster version.
"query": {
"filtered": {
# Scored part: free-text query_string search for "neo".
"query": {
"query_string": {
"analyze_wildcard": True,
"query": "neo",
}
},
# Filter part: every clause listed under "must" has to match.
"filter": {
"bool": {
"must": [
{
# Phrase match keeping only documents whose X-Apex-Request-Source
# field is "internal".
"query": {
"match": {
"X-Apex-Request-Source": {
"query": "internal",
"type": "phrase",
}
}
}
},
{
# Time window on @timestamp; mns and nns are defined outside this
# snippet, so their format is not visible here.
"range": {
"@timestamp": {
"gte" : mns,
"lte" : nns
}
}
}
],
# Empty, so no document is excluded. Clauses added here drop the matching
# documents from the whole result (hits total and aggregation buckets alike);
# the terms aggregation's own "exclude" option would hide only buckets.
# NOTE(review): excluded subjects vanish from the counts, so record the
# exclusion list alongside any report built from this query.
"must_not": []
}
}
}
},
# Return no hit documents, only the aggregation results.
"size":0,
"aggs": {
# Aggregation named "4": one bucket per distinct "subject" term, ordered by
# document count, highest first.
"4": {
"terms": {
# NOTE(review): per the mapping on this page "subject" has no "index" setting
# while "subject.raw" is not_analyzed; if "subject" is analyzed, buckets are
# tokens rather than whole values - confirm which field is intended.
"field": "subject",
# A size of 0 asks for all buckets rather than a top-N in older releases.
"size": 0,
"order": {
"_count": "desc"
}
}
}
}
RESULT:
{'_shards': {'failed': 0, 'successful': 185, 'total': 185},
'aggregations': {'4': {'buckets': [{'doc_count': 127,
'key': '__unauthenticated__'},
{'doc_count': 109, 'key': 'zkeaty'},
{'doc_count': 67, 'key': 'bfoo'},
{'doc_count': 66, 'key': 'rthomason'},
{'doc_count': 57, 'key': 'btolman'},
{'doc_count': 31, 'key': 'jcameron'},
{'doc_count': 29, 'key': 'atlas'},
{'doc_count': 11, 'key': 'jtorres'},
{'doc_count': 10, 'key': 'moxley'},
{'doc_count': 8, 'key': 'zmartell'},
{'doc_count': 4, 'key': 'jpyle'},
{'doc_count': 4, 'key': 'tjones'},
{'doc_count': 3, 'key': 'jpatterson'},
{'doc_count': 1, 'key': 'jrodriguez'},
{'doc_count': 1, 'key': 'kkalita'},
{'doc_count': 1, 'key': 'mubis'},
{'doc_count': 1, 'key': 'smcingvale'}],
'doc_count_error_upper_bound': 0,
'sum_other_doc_count': 0}},
'hits': {'hits': [], 'max_score': 0.0, 'total': 530},
'timed_out': False,
'took': 451}
MAPPING:
"subject" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
},