Bird
Raised Fist0

How can you modify a Discover query to exclude documents where the field 'user' equals 'admin'?

hard🚀 Application Q9 of Q15
Elasticsearch - Kibana and Visualization
How can you modify a Discover query to exclude documents where the field 'user' equals 'admin'?
AUse <code>user!=admin</code> in the query
BUse <code>NOT user:admin</code> in the query
CUse <code>user:-admin</code> in the query
DUse <code>user<>admin</code> in the query
Step-by-Step Solution
Solution:

  1. Step 1: Recall negation syntax in Discover

    NOT before a condition excludes matching documents.

  2. Step 2: Evaluate other options

    !=, - prefix, and <> are not valid negation syntax in Discover queries.

  3. Final Answer:

    Use NOT user:admin in the query -> Option B

  4. Quick Check:

    Use NOT to exclude documents [OK]
Quick Trick: Use NOT before field:value to exclude matches [OK]
Common Mistakes:
MISTAKES
  • Using != or <> which are invalid in Discover
  • Using minus sign incorrectly for negation
  • Confusing negation syntax with programming languages

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Elasticsearch Quizzes
Advanced Patterns - Point-in-time API - Quiz 3easy Advanced Patterns - Async search for expensive queries - Quiz 4medium Cluster Management - Snapshot and restore - Quiz 1easy Cluster Management - Snapshot and restore - Quiz 15hard Performance and Scaling - Replica management - Quiz 1easy Performance and Scaling - Index refresh interval - Quiz 10hard Performance and Scaling - Bulk indexing optimization - Quiz 5medium Performance and Scaling - Hot-warm-cold architecture - Quiz 13medium Security - Encryption in transit and at rest - Quiz 11easy Security - API key management - Quiz 4medium