Elastic search, search query in field in order - elasticsearch

I tried running a search query on an index where the result should come from searching on a field. But the search pattern should be like this:
Let's say I have 3 fields: A, B, C.
So if the searched query matches on field A, then return that value and don't perform the search operation on the other fields B and C.
I tried using multi match and the highlight feature to search, but was unable to get the desired output...
So, if anyone can help, it would be great.
Thank you.

Related

Suggest Feature in Elastic Search

I am trying to implement the suggest feature (Suggest Usage | Elasticsearch .NET Client [8.4] | Elastic) for handling misspelled words in my search implementation.
My search query is executed across multiple indices, but while trying to use the suggest functionality, I am running into failures due to unmapped fields.
Suppose I have an index named People which has a field "name", and another index named news which has a field named "title". My query was executed across both indices at the same time, and the search query had rules defined for both the name and title fields. But while using suggest, I only want to return suggestions for the name field in the person index as part of the same query. As a result, my news index is returning a failure that no mapping was found for the field name.
Is there a workaround in the suggest functionality via which I can specify an index name for the field mentioned in suggest (Suggest Usage | Elasticsearch .NET Client [8.4] | Elastic), OR can I ignore unmapped fields and continue to return search results from the other index (news) without returning any suggestions for misspelled words for that index?

Cannot use "OR" with "NOT _exists_" in Kibana 6.8.0 search bar

I am trying to create one query in the Kibana search bar to retrieve some specific documents.
The goal is to get the documents that either have the field "myDate" before 2019-10-08 or "myDate" does not exist.
I have documents that meet one or the other condition.
I started by creating this query :
myDate:<=2019-10-08 OR NOT _exists_:myDate
But no documents were returned.
Since it did not work, I tried some other ways I found online:
myDate:<=2019-10-08 OR NOT (_exists_:myDate)
myDate:<=2019-10-08 OR !(_exists_:myDate)
myDate:<=2019-10-08 OR NOT (myDate:*)
But still, no results.
When I use either "part" of the "OR" condition, it works perfectly: I get either the documents that have myDate<=2019-10-08 or the ones that do not have a "myDate" field filled.
But when I try with both conditions, I get no document.
I have to use only the search bar to find these documents, neither an elasticsearch rest query nor by using kibana filters.
Thank you for your help :)
The query below works. Use the Inspect button in Kibana to see what query is actually being fired, and make sure you are using the correct index pattern as well.
(myDate:<=2019-12-31) OR (NOT _exists_:myDate)
Take a look at the Query DSL documentation on Boolean operators for a better understanding of the different use cases.

Elasticsearch: get a list of the terms that were matched in each result

How can I get the list of terms that elasticsearch matched in each result? I know the highlight contains this but I want to get a list of the terms that were found without manually performing postprocessing on the highlight for each result.
You could use named queries with a unique query for each term.
The search result will contain the matched queries for each document in the result.
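An added example of the named-query approach described in the answer above (not code from the original thread): one `match` clause per term, each tagged with `_name`, and a helper that reads the `matched_queries` array back from each hit. The field name `title`, the client-side term splitting and the sample response are assumptions constructed for illustration.

```python
import re


def build_named_term_query(field, text):
    """Build a bool/should query with one named match clause per term."""
    # Assumption: terms are split client-side on word characters; the
    # field's own analyzer may tokenize the text differently.
    terms = sorted(set(re.findall(r"\w+", text.lower())))
    should = [
        {"match": {field: {"query": term, "_name": f"{field}:{term}"}}}
        for term in terms
    ]
    return {"query": {"bool": {"should": should, "minimum_should_match": 1}}}


def matched_terms(response, field):
    """Map each hit's _id to the terms whose named clause matched it."""
    prefix = f"{field}:"
    result = {}
    for hit in response["hits"]["hits"]:
        names = hit.get("matched_queries", [])
        result[hit["_id"]] = sorted(
            name[len(prefix):] for name in names if name.startswith(prefix)
        )
    return result


# Constructed sample response (not output from a real cluster).
SAMPLE_RESPONSE = {
    "hits": {"hits": [
        {"_id": "1", "_source": {"title": "quick brown fox"},
         "matched_queries": ["title:quick", "title:fox"]},
        {"_id": "2", "_source": {"title": "lazy fox"},
         "matched_queries": ["title:fox"]},
    ]}
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_named_term_query("title", "quick fox jumps"), indent=2))
    print(matched_terms(SAMPLE_RESPONSE, "title"))
```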

How to search in Kibana (Lucene syntax) for values containing "?"?

I am using ELK and I need to filter all the documents with an unmatched COUNTRY (from geoip).
These properties look like:
'IPCOUNTRY': '??'
But I just can't filter on this special value...
I tried
IPCOUNTRY:?? => ? is evaluated > returns all records > normal case-
IPCOUNTRY:\?\? => Doesn't return any document... but lucene documentation says it should be the good way of achieving this...
IPCOUNTRY:"??" => doesn't work
IPCOUNTRY:'??' => doesn't work
EDIT:
This case doesn't work either
- IPCOUNTRY:/[^A-Z]{2}/
Simple but boring issue ^^
Thanks!
You could try:
!IPCOUNTRY:"?"
-IPCOUNTRY:"?"
NOT IPCOUNTRY:"?"
If you have an unanalyzed IPCOUNTRY field, you can do something like:
!IPCOUNTRY.raw:"??"
This is an elasticsearch mapping issue. Punctuation is dropped. You'll need to set your field to an analyzer that would keep ?. Maybe keyword? or not_analyzed?
Extract from https://github.com/elastic/kibana/issues/6561#issuecomment-197951710
If all of your fields have documents the same as 'IPCOUNTRY': '??', then you can directly filter this field, which will exclude the field from matches.
To directly add a filter, you can do it in the following 2 ways:
In the Discover page, open the text and find the field. Click on the + magnifier to add the field as a filter.
In the Discover page, on the left side where the fields are listed, click on the field name and select the value portraying as ?? to add it as a filter.

Multiple Field search in Elasticsearch

How can we do a multiple-field search in Elasticsearch?
For example, I want to search subcategory and region. For one field it is working; how do we do it for a multiple-field search?
The link below is working fine, since I am using only one field for the search:
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=sub_cat_seo_url:english-news&sort=pubdate_timestamp:desc
But when I try to search multiple fields, for example sub_cat_seo_url and region, it is not working.
See these links (not working):
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=sub_cat_seo_url:english-news,region:1&sort=pubdate_timestamp:desc
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=sub_cat_seo_url:english-news&region:1&sort=pubdate_timestamp:desc
According to the documentation, it should work.
See http://www.elasticsearch.org/guide/reference/query-dsl/query-string-query.html
That being said, you can also use the following:
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=%2Bsub_cat_seo_url%3Aenglish-news+%2Bregion%3A1&sort=pubdate_timestamp:desc
NOTE:
The existing mapping makes your field "sub_cat_seo_url" analyzed, using the standard analyzer. Hence, when you search for "english-news", it gets tokenized into "english" and "news", which results in any document matching either english or news being a valid match. For example, "telugu-news" is a valid match for your query. Not sure if that is intentional.
In your mapping you need to mark it as "not_analyzed" for an exact match.
Note: %2B is decoded as '+', whereas '+' is decoded as ' '.
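An added example illustrating the encoding note in the answer above (not code from the original thread): it builds the `q` parameter with `+field:value` clauses percent-encoded, and uses Python's standard query-string parser as a model of how a server splits and decodes the non-working URLs. The `localhost` base URL is a placeholder and the helper names are hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder host; the index/type path is the one used in the question.
BASE = "http://localhost:9200/episodes/episode/_search"


def build_search_url(base, required, sort=None):
    """Build a URI search where every (field, value) pair is required."""
    # Lucene '+' marks a clause as required; clauses are space-separated.
    q = " ".join(f"+{field}:{value}" for field, value in required)
    params = {"q": q}
    if sort:
        params["sort"] = sort
    # urlencode turns '+' into %2B and ' ' into '+', so the operator survives.
    return f"{base}?{urlencode(params)}"


def server_view(url):
    """Decode the query string the way standard form decoding does."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


if __name__ == "__main__":
    good = build_search_url(
        BASE,
        [("sub_cat_seo_url", "english-news"), ("region", "1")],
        sort="pubdate_timestamp:desc",
    )
    print(good)
    print(server_view(good))

    # Same shape as the non-working URL with '&': region:1 is split off as
    # a separate URL parameter and never reaches the q query at all.
    bad = BASE + "?q=sub_cat_seo_url:english-news&region:1&sort=pubdate_timestamp:desc"
    print(server_view(bad))

    # A literal '+' in the URL is decoded as a space, losing the operator.
    print(server_view(BASE + "?q=+region:1"))
```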
