Good day together,
I have a little problem in Elastic/Kibana. In the Kibana Query Language "KQL" it is possible for me to execute a certain query:
car:* AND coun: * AND doc: (bes* OR *rvr*) AND NOT coun: (SIP OR LUK)
I would like to use this as a filter query using Elasticscearch query DSL. Only I don't get the same result. For this I use the boolean operator. My query looks like this:
{
"query": {
"bool": {
"must": [
{
"exists": {
"field": "car"
}
},
{
"exists": {
"field": "coun"
}
}
],
"should": [
{
"wildcard": {
"doc.keyword": {
"value": "bes*"
}
}
},
{
"wildcard": {
"doc.keyword": {
"value": "*rvr*"
}
}
}
],
"must_not": [
{
"term": {
"coun.keyword": "SIP"
}
},
{
"term": {
"coun.keyword": "LUK"
}
}
],
"minimum_should_match": 1
}
}
}
Unfortunately, I do not get the same result. My guess is the "should" operator. But I don't know exactly how to adjust the code.
I would be very grateful for any answer! Thanks a lot!
Problem here, that you putting OR outside AND. Just move should clause inside must. Like this
GET _search
{
"query": {
"bool": {
"must": [
{
"exists": {
"field": "car"
}
},
{
"exists": {
"field": "con"
}
},
{
"bool": {
"should": [
{
"wildcard": {
"doc.keyword": {
"value": "bes*"
}
}
},
{
"wildcard": {
"doc.keyword": {
"value": "*rvr*"
}
}
}
]
}
}
],
"must_not": [
{
"term": {
"coun.keyword": "SIP"
}
},
{
"term": {
"coun.keyword": "LUK"
}
}
],
"minimum_should_match": 1
}
}
}
Related
I'm trying to filter a field for a specific value OR that it does not exist.
I have the part for the specific value
{
"query": {
"match": {
"app.serviceType": {
"query": "MY_VALUE",
"type": "phrase"
}
}
}
}
I'd also like to add to this any case where the field serviceType doesn't exist at all.
Essentially I'd like the equivalent of this:
serviceType == "MY_VALUE" || string.IsNullOrEmpty(serviceType)
This request must match with your use case :
{
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"exists": {
"field": "serviceType"
}
},
{
"match_phrase": {
"serviceType": "MY_VALUE"
}
}
]
}
},
{
"bool": {
"must_not": [
{
"exists": {
"field": "serviceType"
}
}
]
}
}
]
}
}
}
Based on the previous answer (which didn't work but got me close) I was able to get it to work.
{
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"exists": {
"field": "app.serviceType"
}
},
{
"match_phrase": {
"app.serviceType": "MY_VALUE"
}
}
]
}
},
{
"bool": {
"must_not": [
{
"exists": {
"field": "app.serviceType"
}
}
]
}
}
]
}
}
}
I have a "date_created_tranx" and "phone_number_cust" fields. Few entries of date_created_tranx are null . I want to have particular phone_number within date_range and with null value.
a = {
"query": {
"bool": {
"must": [
{
"range": {
"date_created_tranx": {
"gte": "2019-12-01",
"lte": "2020-05-07"
}
}
},
{
"regexp": {
"phone_number_cust": ".*702625.*"
}
}
]
}
}
}
b = {
"query": {
"bool": {
"must": [{
"regexp": {
"phone_number_cust": ".*702625.*"
}
}],
"must_not": [{
"exists": {
"field": "date_created_tranx"
}
}
]
}
}
}
How to combine these ??
I cannot call it twice because The result is paginated
I am totally new to elastic search . Any leads will be helpful.
I tried
doc2 = {
"query" :{
"bool" : {
"must":[
a,
b
]
}
}
}
It throws
Error: RequestError: RequestError(400, 'parsing_exception', 'no [query] registered for [query]')
The query you're looking for is this one, i.e.:
We have a constraint on the phone number and we also check that either the date_created_tranx is within bounds or does not exist (i.e. is null).
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"range": {
"date_created_tranx": {
"gte": "2019-12-01",
"lte": "2020-05-07"
}
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "date_created_tranx"
}
}
}
}
],
"filter": [
{
"regexp": {
"phone_number_cust": ".*702625.*"
}
}
]
}
}
}
I would like to develop multiple if else condition like this :
if(condition 1)
{
process 1
}
else
{
if(condition 2.1)
{
process 2
}
else (condition 2.2)
{ process 3
}
}
is bool with must and should the optimized way to do it or can script be used? As my query is already huge, since it has fuzziness and wildcard already.
Thanks
I think you can use painless script query for your use case. Bool must query will not work in this case I think.
You can refer this page for how to use if else in the script query
.https://www.elastic.co/guide/en/elasticsearch/painless/6.0/painless-examples.html
GET /books/_search
{
"_source": [
"id",
"name",
"user",
"privacy"
],
"query": {
"bool": {
"must": [
{
"term": {
"status": {
"value": 1
}
}
},
{
"bool": {
"minimum_should_match": 1,
"should": [
{ //if
"bool": {
"must": [
{
"term": {
"user.privacy.mode": {
"value": 0
}
}
},
{
"term": {
"privacy.mode": {
"value": 0
}
}
}
]
}
},
{//else if
"bool": {
"must": [
{
"term": {
"user.privacy.mode": {
"value": 2
}
}
},
{
"bool": {
"minimum_should_match": 1,
"should": [
{// if
"nested": {
"path": "readers",
"query": {
"match": {
"readers.id": "621120dc86b8920019295363"
}
}
}
},
{ // else
"nested": {
"path": "buyers",
"query": {
"match": {
"buyers.purchase.id": "621120dc86b8920019290f50"
}
}
}
}
]
}
}
]
}
},
{// else if
"bool": {
"must": [
{
"term": {
"privacy.mode": {
"value": 2
}
}
},
{
"bool": {
"minimum_should_match": 1,
"should": [
{
"nested": {
"path": "readers",
"query": {
"match": {
"readers.id": "621120dc86b89200195373"
}
}
}
},
{
"nested": {
"path": "buyers",
"query": {
"match": {
"buyers.purchase.id": "621120dc86b892001929036350"
}
}
}
}
]
}
}
]
}
}
]
}
}
],
"filter": {
"bool": {
"must_not": [
{
"term": {
"user.privacy.mode": 1
}
},
{
"term": {
"privacy.mode": 1
}
}
]
}
}
}
}
}
I want to get docs that are similar to multiple "groups" but separately. Each group has it's own rules (terms).
When I try to use more than one Should query inside a "bool" I get items that are a mix of both Should's terms.
I want to use 1 query total and not msearch for example.
Can someone please help me with that?
{
"explain": true,
"query": {
"filtered": {
"filter": {
"bool": {
"must_not": [
{
"term": {
"p_id": "123"
}
},
{
"term": {
"p_id": "124"
}
}
]
}
},
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"minimum_should_match": 1,
"should": [
{
"term": {
"cat": "1"
}
},
{
"term": {
"cat": "2"
}
},
{
"term": {
"keys": "a"
}
},
{
"term": {
"keys": "b"
}
}
]
}
},
{
"bool": {
"minimum_should_match": 1,
"should": [
{
"term": {
"cat": "6"
}
},
{
"term": {
"cat": "7"
}
},
{
"term": {
"keys": "r"
}
},
{
"term": {
"keys": "u"
}
}
]
}
}
]
}
}
}
},
"from": 0,
"size": 3
}
You can try using a terms aggregation on multiple fields with scripting and add a top hits aggregation as a sub-aggregation. Be warned this will be pretty slow. Add this after the query/filter and adjust the size parameter as needed
"aggs": {
"Cat_and_Keys": {
"terms": {
"script": "doc['cat'].values + doc['keys'].values"
},
"aggs":{ "separate_docs": {"top_hits":{"size":1 }} }
}
}
I'm currently struggling with an ElastSearch query which currently looks the following:
...
"query": {
"bool": {
"must_not": [
{
"term": {
"bool-facet.criteria1": {
"value": false
}
}
},
{
"term": {
"bool-facet.criteria2": {
"value": false
}
}
}
]
}
}
...
So now when either criteria1 OR criteria2 matches, the documents are ignored. How must the query look like so that only documents that match criteria1 AND criteria2 are ignored?
If you want simple AND-behavior, then just nest another bool query inside of it:
"query": {
"bool": {
"must_not": [
{
"bool": {
"filter": [
{
"term": {
"bool-facet.criteria1": false
}
},
{
"term": {
"bool-facet.criteria2": false
}
}
]
}
}
]
}
}
Note that by using the filter (as it's a yes/no question with no scoring needed, but if you wanted scoring, then you would use must instead of filter) you get the desired AND behavior. This changes the question to "not(any document that has criteria1 == false AND criteria2 == false)".
The following arrangement worked for me on a similar query in 5.5.1:
"query": {
"bool": {
"must": [
{
"bool":{
"must_not":{
"term":{
"bool-facet.criteria1": false
}
}
}
},
{
"bool":{
"must_not":{
"term":{
"bool-facet.criteria2": true
}
}
}
}
]
}
}
The other answers may have been correct for other versions, but did not work for me in 5.5.1.
Since updating elasticsearch version was not possible I had to find another solution. This is what worked for me:
"query": {
"bool": {
"must_not" : [
{
"query": {
"bool": {
"must": [
{
"term": {
"bool-facet.criteria1": false
}
},
{
"term": {
"bool-facet.criteria2": false
}
}
]
}
}
}
]
}
}
This behavior worked for me under 6.5.4:
GET model/_search
{
"query": {
"bool": {
"must_not": [
{
"exists": {
"field": "field1"
}
},
{
"exists": {
"field": "field2"
}
},
{
"exists": {
"field": "field3"
}
}
]
}
}
}