How do I exclude multiple terms in Kibana 4

Question

How can I exclude multiple search terms in Kibana 4? If I type in only one term, it excludes it...but how can I have more than one excluded term. For example, the term "not yet classified"

Answer 1

https://www.elastic.co/guide/en/kibana/master/kuery-query.html

To match documents where response is 200 but extension is not php or css.

response:200 and not (extension:php or extension:css)

Answer 2

So in the query above the visualization, you can use Lucene syntax to exclude the hits, once saved this will perform the same as an attempt of using regex or Lucene syntax in the Exclude Field of the Buckets advanced options.

Answer 3

in newer version of kibana if you want to exclude some term use this:

not field : "text"

if you want to exclude a phrase use this:

not field : "some text phrase"

you can use other logical operation with not:

field: "should have phrase" and not field: "excluded phrase"

Answer 4

If I understand your question properly, you're trying to use the "Exclude Pattern" to exclude certain values from populating in the chart.

The "Exclude Pattern" and "Include Pattern" fields are for Regular Expressions and are documented here: http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html.

If you want to exclude multiple fields, you could do something like this:

term1|term2|term3

Answer 5

The query field in Kibana uses Lucene syntax which has some info at http://www.lucenetutorial.com/lucene-query-syntax.html.

To exclude a term containing specific text, use

-field: "text"

to exclude different texts, I use

-field: ("text1" or "text2")

If it's two separate fields, try

-field1: "text1" -field2: "text2"