0

I have to convert the following query in elasticsearch :

select * from index where observable not in (select observable from index where tags = 'whitelist')

I read that I should use a Filter in a Not Filter but I don't understand how to do. Can anyone help me? Thanks

EDIT:

I have to get all except those that have 'whitelist' tag but I need to check also that nothing of the blacklist element is contained into the whitelist.

Improve this question
11
  • Are u selecting from the same index ? Commented Jul 24, 2015 at 17:35
  • the your query should be simplified like this select * from index where tags <>'whitelist' Commented Jul 27, 2015 at 8:12
  • then...what api are u using for elasticsearch ? Commented Jul 27, 2015 at 8:14
  • Yes I know but I need to check this : if a element contained with tag 'whitelist' is also present with tag <> of 'whitelist' then I'll have to exclude that. Commented Jul 27, 2015 at 8:53
  • I'm using laravel with elasticsearch API Commented Jul 27, 2015 at 8:54

1 Answer 1

Reset to default
1

Your SQL query can be simplified to this:

select * from index where tags not in ('whitelist')

As a result the "corresponding" ES query would be

curl -XPOST localhost:9200/index/_search -d '{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must_not": {
            "terms": {
              "tags": [
                "whitelist"
              ]
            }
          }
        }
      }
    }
  }
}'

or another using the not filter instead of bool/must_not:

curl -XPOST localhost:9200/index/_search -d '{
  "query": {
    "filtered": {
      "filter": {
        "not": {
          "terms": {
            "tags": [
              "whitelist"
            ]
          }
        }
      }
    }
  }
}'
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hi! thanks for your reply.. I have to get all except those that have 'whitelist' tag but I need to check also that nothing of the blacklist element is contained into the whitelist. So I guess that query couldn't be semplified
Hmmm... I think the best would be to provide a sample table with 3-4 records to highlight what your query does.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.