Suppose I have a string like
/something/other/123
I want to be able to search 123. For some reason given that the string is indexed as keyword, when I attempt to do
GET /_search
{
"query": {
"wildcard": {"myfield": {"value": "*123"}}
}
}
It gives nothing, why is that?
Wildcard query works on the keyword field. if you have .keyword subfield(if Elasticsearch generated the mapping for your myfield) then below query returns the result.
{
"query": {
"wildcard": {
"myfield.keyword": { --> note .keyword in the field name.
"value": "*123"
}
}
}
}
Related
if i have three rows like
name: "cat"
name: "cat is white"
name: "cat is black"
If i query filed name with string 'cat' using match or term query, get all three results.
How to get only name: "cat"?
GET animals/_search
{
"query": {
"match": {
"name": {
"query": "cat"
}
}
}
}
Use term query on keyword field
Returns documents that contain an exact term in a provided field.
GET /_search
{
"query": {
"term": {
"name.keyword": {
"value": "cat"
}
}
}
}
term query performs case sensitive match. If you want case insensitive match you will have to use normalizer on keyword field
I am using kibanna
I am trying to put filter on a field container_name = "armenian"
but I have other container names with following names
armenian_alpha
armenian_beta
armenian_gama
armenian1
armenian2
after putting the filter , search query in kibanna becomes
{
"query": {
"match": {
"container_name": {
"query": "armenian",
"type": "phrase"
}
}
}
}
But the output searches logs for all containers , as I can see the Elastic search query is using a pattern matching
How can I put an exact match with the string provided and avoid the rest ?
You can try out with term query. Do note that it is case sensitive by default unless you specify with case_insensitive equals to true. Also, if your container_name is a text field type instead of keyword field type, do add the .keyword after the field name. Otherwise, ignore the .keyword.
Example:
GET /_search
{
"query": {
"term": {
"container_name.keyword": {
"value": "armenian"
}
}
}
}
Link here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html
I would recommend using a direct wildcard in query or wildcard as follow
GET /_search
{
"query": {
"match": {
"container_name": {
"query": "*armenian",
"type": "phrase"
}
}
}
}
GET /_search
{
"query": {
"wildcard": {
"container_name": {
"value": "*armenian"
}
}
}
}
With *armenian you are ensuring that armenian comes at the end.
"I am searching in a elasticsearch cluster GET request on the basis of sourceID tag with value :- "/A/B/C/UniqueValue.xml" and search query looks like this:-"
{
"query": {
"bool": {
"must": [
{
"term": {
"source_id": {
"value": "/A/B/C/UniqueValue.xml"
}
}
}
]
}
}
}
"How can i replace "/A/B/C" from any wildcard or any other way as i just have "UniqueValue.xml" as an input for this query. Can some please provide the modified search Query for this requirement? Thanks."
The following search returns documents where the source_id field contains a term that ends with UniqueValue.xml.
{
"query": {
"wildcard": {
"source_id": {
"value": "*UniqueValue.xml"
}
}
}
}
Note that wildcard queries are expensive. If you need fast suffix search, you could add a multi-field to your mapping which includes a reverse token filter. Then you can use prefix queries on that reversed field.
Works as expected:
{
"query": {
"query_string": {
"query": "Hofstetten-Grünau"
}
}
}
an added wildcard at the end delivers no results and I wonder why:
{
"query": {
"query_string": {
"query": "Hofstetten-Grünau*"
}
}
}
how to fix it?
elasticsearch v5.3.2
This delivers results:
{
"query": {
"query_string": {
"query": "Hofstetten*"
}
}
}
I use a single search field. The end user can freely use wildcards as they see fit. A user might type in:
hofstetten grünau
+ort:hofstetten-grünau
+ort:Hofstetten-G*
so using a match query wont work out for me.
I am using Jest (Java Annotations) as Mapping, and using "default" for this field. My index mapping declares nothing special for the field:
{
"mappings": {
"_default_": {
"date_detection": false,
"dynamic_templates": [{
}]
}
}
}
Adding the wildcard "*" at the end of your query string is causing the query analyzer to interpret the dash between "Hofstetten" and "Grünau" as a logical NOT operator. So you're actually searching for documents that contain Hofstetten but do NOT contain Grünau.
You can verify this by doing the following variations of your search:
"query": "Hofstetten-XXXXX" #should not return results
"query": "Hofstetten-XXXXX*" #should return results
To fix this I would recommend using a match query instead of a query_string query:
{"query": {"match": { "city": "Hofstetten-Grünau" }}}'
(with whatever your appropriate field name is in place of city).
I am using ES 2.4.0
i have to match a string it will be like this "{hi} {ARE} {how} {You}"
I given query like this
{
"query": {
"match": {
"simple": "{hi} {ARE} {how} {You}"
}
}
}
In the output it is showing all the documents rather than the documents that match the exact string (i.e simple) value.
NOTE: This is analysed at mapping level.
If you want to match all the keywords in the same order, you should use match_phrase
{
"query": {
"match_phrase": {
"simple": "{hi} {ARE} {how} {You}"
}
}
}
In case you don't need the words in the same order, but want only all these words to be present in the search results, then use match with operator.
{
"query": {
"match": {
"simple": {
"query": "{hi} {ARE} {how} {You}",
"operator": "and"
}
}
}
}