I want to have three conditions in my elasticsearch query and accordingly I have written as below. But I don't know why it is returning a DOCUMENT where AMOUNT is 250 and it EXISTS whereas my condition is ATLEAST one of the two i.e. AMOUNT less than or equal to zero or AMOUNT should not exist.
Below is the DSL Query
{
"from":0,
"size":10,
"track_total_hits":true,
"_source": ["amount", "npa_stageid_loanaccounts"],
"query":{
"bool":{
"must":[
{
"query_string":{
"default_field":"npa_stageid_loanaccounts.keyword",
"query":"Y"
}
},
{
"bool":{
"minimum_should_match":1,
"should":[
{
"range":{
"Amount":{
"lte":0
}
}
},
{
"bool":{
"must_not":[
{
"exists":{
"field":"Amount"
}
}
]
}
}
]
}
}
]
}
}
}
In your documents, you have amount but in your query you have Amount, the casing is not the same.
Related
i am refering to this question
How to use "OR" in Dev Tool Query
While trying to extend this to 3 Match with a minimum should match number to 2 it does not return any when i set it like this ""minimum_should_match":1" its works, but only gives 1 match, but when i do like this ""minimum_should_match":2" then it does not return anything, where as i know the query should found minimum 2 match which are in the log
so what i am doing wrong ?
GET _search
{
"query":{
"bool":{
"must":[
{
"match":{
"log.file.path":"mylog.log"
}
},
{
"term":{
"GPS-LOG.IMEI":{
"value":"1234567"
}
}
},
{
"bool":{
"should":[
{
"term":{
"GPS-LOG.COMMAND":{
"value":"HB"
}
}
},
term":{
"GPS-LOG.COMMAND":{
"value":"DB"
}
}
},
{
"term":{
"GPS-LOG.COMMAND":{
"value":"TR"
}
}
}
],
"minimum_should_match":1
}
}
],
"filter":{
"range":{
"#timestamp":{
"gte":"now-10m"
}
}
}
}
}
}
I am running following elasticsearch query from groovy script. There are thousands of records which meet this criteria, but I get only 10 records in return.
{
"query":{
"bool":{
"must":[
{
"match_all":{
}
},
{
"range":{
"#Timestamp":{
"gte":1417511269270,
"lte":1575277669270,
"format":"epoch_millis"
}
}
},
{
"match_phrase":{
"field1.keyword":{
"query":"value1"
}
}
},
{
"match_phrase":{
"field2.keyword":{
"query":"value2"
}
}
},
{
"range":{
"#Timestamp":{
"gte":"2001-03-01",
"lt":"2019-10-30"
}
}
}
],
"filter":[
],
"should":[
],
"must_not":[
]
}
}
}
What am I missing in my query?
You are missing a size parameter, which means it defaults to 10 results.
e.g. add this to your query object:
"size": 100
I'm using an Elasticsearch filter aggregation with a nested top_hits aggregation to retrieve top matching documents based on different filters, but I can't seem to change the scores of results in each bucket via boosting or a nested function_score query. Is this just not possible? I haven't found any explicit documentation saying it won't work, and the query executes just fine, however the resulting scores aren't impacted.
Example query (note the huge boost in the first aggregation):
GET _search
{
"size":0,
"query":{
"bool":{
"should":[
{
"multi_match":{
"type":"phrase",
"query":"TV",
"fields":[
"categories^4"
]
}
}
]
}
},
"aggs":{
"1":{
"filter":{
"bool":{
"must":[
{
"multi_match":{
"type":"phrase",
"query":"Music",
"fields":[
"categories^10"
]
}
}
]
}
},
"aggs":{
"1_hits":{
"top_hits":{
"size":10,
"sort":[
{
"_score":{
"order":"desc"
}
}
]
}
}
}
},
"2":{
"filter":{
"bool":{
"must":[
{
"multi_match":{
"type":"phrase",
"query":"Music",
"fields":[
"categories"
]
}
}
]
}
},
"aggs":{
"2_hits":{
"top_hits":{
"size":10,
"sort":[
{
"_score":{
"order":"desc"
}
}
]
}
}
}
}
}
}
This is a story of 2 queries. One returns results, while the other does not. Why?
Query that returns results:
{
"index":"my_index",
"type":"places",
"body":{
"from":0,
"size":"12",
"sort":{
"_score":{
"order":"desc"
}
},
"query":{
"function_score":{
"query":{
"bool":{
"must":[
],
"should":[
],
"must_not":[
],
"filter":[
]
}
},
"functions":[
{
"gauss":{
"location":{
"origin":{
"lat":"41.243368",
"lon":"-116.79711"
},
"offset":"0mi",
"scale":"100mi"
}
}
}
],
"score_mode":"sum",
"boost_mode":"sum"
}
}
}
}
Query that does NOT return results:
{
"index":"my_index",
"type":"places",
"body":{
"from":0,
"size":"12",
"sort":{
"_score":{
"order":"desc"
}
},
"query":{
"function_score":{
"query":{
"bool":{
"must":[
],
"should":[
{
"terms":{
"region_id":[
32273
],
"boost":2
}
}
],
"must_not":[
],
"filter":[
]
}
},
"functions":[
{
"gauss":{
"location":{
"origin":{
"lat":"41.243368",
"lon":"-116.79711"
},
"offset":"0mi",
"scale":"100mi"
}
}
}
],
"score_mode":"sum",
"boost_mode":"sum"
}
}
}
}
The Bool Query has only a Should Clause.
Also, I am summing the scores, not multiplying them.
It's true that I do not have any items in the index that have the specified "region_id", but I fail to see how the results of the first query are excluded from the second query. It seems like the 0 score on the Bool Query is acting like a filter.
The first query acts as a match_all query so it returns everything and applies the function score.
In the second query you have a should clause, but since there are no must or filter clause it must match.
From ES docs: "In a boolean query with no must or filter clauses, one or more should clauses must match a document"
Suppose we have the following filtering: field > 0 AND field != value
I am a bit mixed up on the many ways that elasticsearch has to express that filter using the bool query.Consider the following queries:
Query one
"bool":{
"must_not":{
"term":{
"field": value
}
},
"must":{
"range":{
"field":{
"gt":0
}
}
}
}
Query 2:
"bool":{
"must_not":{
"term":{
"field": value
}
},
"filter":{
"range":{
"field":{
"gt":0
}
}
}
}
Query 3
"bool":{
"must":{
"bool":{
"must":{
"range":{
"field":{
"gte":value
}
}
},
"must_not":{
"field":value
}
}
}
}
Do query 1 and 2 mean the same thing? Also although I have seen many examples in the form of the query 3 (bool query inside a must|should|must_not clause), it produces an error when validating the query:
org.elasticsearch.index.query.QueryParsingException: [_na] query malformed, no field after start_object'}
What does this error mean? How is the correct form? And why so many ways to filter results?