Hi All,

I need some help in searching, I have 1 index but it has multiple sources,

Index = Index1

Source = source 1
Source = source 2
Source = source 3

Source = source 4

Source = source 5

Source = source 6

Source = source 7

Now i have a requirement to create an alert search with only first 4 source and exclude the remaining three source 5,6,7

I tried using below query

Index = Index1 source IN ("source 1","source 2","source 3","source 4")

when i tried to exclude 4,5,6 source,getting error.Can you help on this?


Index = Index1
source IN ("source 1","source 2","source 3","source 4")
source  NOT IN ("source 4","source 5","source 3","source 6")
or
Index = Index1 source ! IN ("source 4","source 5","source 6")
source IN ("source 1","source 2","source 3","source 4")
source ! IN ("source 4","source 5","source 3","source 6")