ElastAlert: setting up a "string does not contain" alert

Across the documents received in the past 10 minutes, if one document is found whose status_code field value does not contain 200 and whose service_id equals the given value, an alert is sent.

demo-and-alert.yaml: |-
  ---
  name: demo-and-alert
  type: frequency
  # Cron expression: run the rule every 10 minutes
  limit_execution: "0/10 * * * *"
  index: index-pattern*
  # One matching document within the timeframe is enough to alert
  num_events: 1
  timeframe:
    minutes: 10
  # Suppress repeat alerts for 30 minutes after one is sent
  realert:
    minutes: 30
  filter:
  - query:
      query_string:
        query: "(service_id: selfservice) AND NOT status_code: 200"
  alert:
  - "email"
  email:
  - "johndoe@skynet.uk"
  from_addr: "johndoe@skynet.uk"
  alert_subject: "[ElastAlert] [prod] WARNING - Sample message{0}."
  alert_subject_args:
  - service_id
  alert_text: "Alert text Message is- {0} cluster. At {1}."
  alert_text_type: alert_text_only
  alert_text_args:
  - message
  - "@timestamp"
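The following is an added example, not part of the original rule or of ElastAlert's own code: a simplified Python model of how the filter and the `realert` window above decide which documents produce an email. It assumes exact-value fields and uses document timestamps in place of ElastAlert's run time; the sample documents are constructed. Note that a document with no `status_code` field also satisfies `NOT status_code: 200`.

```python
from datetime import datetime, timedelta

REALERT = timedelta(minutes=30)  # realert.minutes in the rule above


def matches_filter(doc):
    """Model of: (service_id: selfservice) AND NOT status_code: 200.

    Assumption: fields hold exact values. A document without status_code
    still matches, because NOT only excludes documents containing 200.
    """
    if doc.get("service_id") != "selfservice":
        return False
    status = doc.get("status_code")
    return status is None or str(status) != "200"


def simulate(docs):
    """Return the timestamps at which an alert would be sent.

    With num_events: 1 every matching document is a match; realert then
    silences the rule for 30 minutes after each alert that goes out.
    """
    alerts, silenced_until = [], None
    for doc in sorted(docs, key=lambda d: d["@timestamp"]):
        if not matches_filter(doc):
            continue
        ts = doc["@timestamp"]
        if silenced_until is not None and ts < silenced_until:
            continue  # matched, but suppressed by realert
        alerts.append(ts)
        silenced_until = ts + REALERT
    return alerts


def _t(hhmm):
    """Build a timestamp on a fixed, constructed date."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample documents (not real log data).
SAMPLE_DOCS = [
    {"@timestamp": _t("12:01"), "service_id": "selfservice", "status_code": 200},
    {"@timestamp": _t("12:03"), "service_id": "selfservice", "status_code": 500},
    {"@timestamp": _t("12:05"), "service_id": "billing", "status_code": 500},
    {"@timestamp": _t("12:12"), "service_id": "selfservice", "status_code": "404"},
    {"@timestamp": _t("12:40"), "service_id": "selfservice"},  # field missing
]

if __name__ == "__main__":
    for ts in simulate(SAMPLE_DOCS):
        print("alert at", ts.isoformat())
```

If documents without a `status_code` should not alert, add `AND _exists_:status_code` to the query string.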
