2
votes

I'm trying to view a list of user agents connecting to my web server. I wrote this (working) query:

{
  "query": {
    "regexp": {
      "useragent": {
        "value": "Mozilla/5.0 \\(Windows.*"
      }
    }
  }
}

But when I tried to get the inverted match (similar to -v in grep), I couldn't find the answer.

I saw this post - "elastic search query filter out ids by wildcard" - but it didn't work. I tried copy-paste, only filter, only must_not, with and without bool, with and without match_all.

I also searched in Google for the answer with no luck.

Can anyone please help me?


1 Answer

1
votes

Use the must_not clause of a bool query as below:

{
  "query": {
    "bool": {
      "must_not": [
        {
          "regexp": {
            "useragent": {
              "value": "Mozilla/5.0 \\(Windows.*"
            }
          }
        }
      ]
    }
  }
}
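An added example, not part of the original answer: it builds the must_not query above, optionally with an exists filter, and runs it over constructed documents to show two behaviours of the inverted match: documents with no useragent field are returned too, and the regexp has to match the whole term. It assumes useragent is indexed as a single unanalyzed term and an Elasticsearch version whose bool query accepts filter; emulate() and Python's re.fullmatch are local stand-ins for the server, valid only for patterns whose syntax Lucene and Python share.

```python
import json
import re

PATTERN = r"Mozilla/5.0 \(Windows.*"  # regexp value from the question, JSON-unescaped

def inverted_query(field, pattern, require_field=True):
    """Build a bool query for documents whose `field` does NOT match `pattern`."""
    bool_clause = {"must_not": [{"regexp": {field: {"value": pattern}}}]}
    if require_field:
        # must_not alone also returns documents that lack the field entirely;
        # the exists filter keeps only documents that actually carry it.
        bool_clause["filter"] = [{"exists": {"field": field}}]
    return {"query": {"bool": bool_clause}}

def emulate(docs, query):
    """Hypothetical local stand-in for the search: returns ids of matching docs."""
    clauses = query["query"]["bool"]
    hits = []
    for doc in docs:
        keep = all(doc.get(c["exists"]["field"]) is not None
                   for c in clauses.get("filter", []))
        for clause in clauses["must_not"]:
            (field, spec), = clause["regexp"].items()
            value = doc.get(field)
            # The regexp query is anchored: the pattern must cover the whole term.
            if value is not None and re.fullmatch(spec["value"], value):
                keep = False
        if keep:
            hits.append(doc["id"])
    return hits

# Constructed sample documents (not real traffic).
SAMPLE_DOCS = [
    {"id": 1, "useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"},
    {"id": 2, "useragent": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"},
    {"id": 3, "useragent": "curl/8.4.0"},
    {"id": 4},  # request logged without a useragent field
    {"id": 5, "useragent": "proxy Mozilla/5.0 (Windows NT 10.0)"},  # pattern not at start
]

if __name__ == "__main__":
    for require_field in (False, True):
        query = inverted_query("useragent", PATTERN, require_field)
        print(json.dumps(query), "->", emulate(SAMPLE_DOCS, query))
```

Document 5 stays in the results because the anchored pattern does not match a term that merely contains the Windows prefix further in; document 4 drops out only when the exists filter is present.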