elk kibana 日志搜索使用

kibana 测试版本:5.5

官网日志:https://www.elastic.co/guide/en/elasticsearch/reference/5.5/query-filter-context.html

query DSL:

增加了多条后

bool 后一级有 "must" "must_not" "filter"

{
  "query": {
    "bool": {
      "must_not": [
        {
          "match": {
            "class": "example01"
          }
        },
        {
          "match": {
            "class": "example02"
          }
        },
        {
          "match": {
            "class": "example03"
          }
        },
        {
          "match": {
            "class": "example04"
          }
        }
      ]
    }
  }
}

3.直接在输入栏里输入:
NOT class:(example01 example02 example03 example04)
参考地址:https://www.elastic.co/guide/en/elasticsearch/reference/5.5/query-dsl-query-string-query.html#query-string-syntax