From df096592cc9ec8af3d1c9e88c71cf703223bb943 Mon Sep 17 00:00:00 2001
From: Kofi B <kofi.bartlett@elastic.co>
Date: Wed, 29 Jan 2025 03:46:39 -0500
Subject: [PATCH] [DOCS] Search multiple indices added info (#120572)

* [DOCS] Search multiple indices added info

* Update docs/reference/search/search-your-data/search-multiple-indices.asciidoc

Co-authored-by: George Wallace <georgewallace@users.noreply.github.com>

* Update docs/reference/search/search-your-data/search-multiple-indices.asciidoc

Co-authored-by: George Wallace <georgewallace@users.noreply.github.com>

* Update docs/reference/search/search-your-data/search-multiple-indices.asciidoc

Co-authored-by: George Wallace <georgewallace@users.noreply.github.com>

* Update docs/reference/search/search-your-data/search-multiple-indices.asciidoc

Co-authored-by: George Wallace <georgewallace@users.noreply.github.com>

* Update docs/reference/search/search-your-data/search-multiple-indices.asciidoc

Co-authored-by: George Wallace <georgewallace@users.noreply.github.com>

---------

Co-authored-by: George Wallace <georgewallace@users.noreply.github.com>
---
 .../search-multiple-indices.asciidoc          | 36 ++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/docs/reference/search/search-your-data/search-multiple-indices.asciidoc b/docs/reference/search/search-your-data/search-multiple-indices.asciidoc
index 4052097e73c91..f02e10640a6d9 100644
--- a/docs/reference/search/search-your-data/search-multiple-indices.asciidoc
+++ b/docs/reference/search/search-your-data/search-multiple-indices.asciidoc
@@ -1,5 +1,11 @@
 [[search-multiple-indices]]
-=== Search multiple data streams and indices
+=== Search multiple data streams and indices using a query
+
+There are two main methods for searching across multiple data streams and indices in {es}:
+
+* *Query Level*: Directly specify indices in the search request path or use index patterns to target multiple indices.
+
+* *Index level*: Use <<aliases, index aliases>>, which act as pointers to one or more backing indices, enabling logical grouping and management of indices.
 
 To search multiple data streams and indices, add them as comma-separated values
 in the <<search-search,search API>>'s request path.
@@ -39,6 +45,34 @@ GET /my-index-*/_search
 ----
 // TEST[setup:my_index]
 
+You can exclude specific indices from a search. The request will retrieve data from all indices starting with `my-index-`, except for `my-index-01`.
+
+[source,console]
+----
+GET /my-index-*/_search
+{
+  "query": {
+    "bool": {
+      "must": [
+        {
+          "match": {
+            "user.id": "kimchy"
+          }
+        }
+      ],
+      "must_not": [
+        {
+          "terms": {
+            "_index": ["my-index-01"]
+          }
+        }
+      ]
+    }
+  }
+}
+----
+// TEST[setup:my_index]
+
 To search all data streams and indices in a cluster, omit the target from the
 request path. Alternatively, you can use `_all` or `*`.