"I am searching in a elasticsearch cluster GET request on the basis of sourceID tag with value :- "/A/B/C/UniqueValue.xml" and search query looks like this:-"
{
"query": {
"bool": {
"must": [
{
"term": {
"source_id": {
"value": "/A/B/C/UniqueValue.xml"
}
}
}
]
}
}
}
"How can i replace "/A/B/C" from any wildcard or any other way as i just have "UniqueValue.xml" as an input for this query. Can some please provide the modified search Query for this requirement? Thanks."
The following search returns documents where the source_id field contains a term that ends with UniqueValue.xml.
{
"query": {
"wildcard": {
"source_id": {
"value": "*UniqueValue.xml"
}
}
}
}
Note that wildcard queries are expensive. If you need fast suffix search, you could add a multi-field to your mapping which includes a reverse token filter. Then you can use prefix queries on that reversed field.
Related
I have documents indexed in ES with the following structure:
doc 1:
{
"map": {
"field1": ["foo"],
"field2": ["bar"]
}
}
doc2
{
"map": {
"fieldN": ["foo"],
}
}
I need to search all the documents that match a specific value under any key in the "map" object. Since the fields in "map" are dynamic, the value can be found under any key.
I tried different queries but none of them seems to work since it looks like for all the cases, I need to specify the field explicitly (ex.: map.field1 = "foo")
I would hope to be able to do a search like this:
{
"fields": ["map.*"],
"query": "foo"
}
Any recommendations on how to approach this type of search?
You can use multi-match query, to search for a query term on map.* fields
{
"query": {
"multi_match" : {
"query": "foo",
"fields": [ "map.*" ]
}
}
}
I'm trying to filter out some documents in elastic search 8.4. The issue I'm having is something like this...
must_not: [
match: { ingredients: { query : 'peanut butter' } }
]
seems to break the query into 'peanut' and 'butter'. Then, documents which contain the ingredient 'butter' get incorrectly filtered. Is there a way to prevent this tokenizing without defining a custom analyzer? Or perhaps a different way to search to get that result?
If you don't want to filter documents with just "peanut" or "butter" you need to use the "and" operator. In this way only documents with "peanut butter" will be filtered.
{
"query": {
"bool": {
"must_not": [
{
"match": {
"ingredients": {
"query": "peanut butter",
"operator": "and"
}
}
}
]
}
}
}
Suppose I have a string like
/something/other/123
I want to be able to search 123. For some reason given that the string is indexed as keyword, when I attempt to do
GET /_search
{
"query": {
"wildcard": {"myfield": {"value": "*123"}}
}
}
It gives nothing, why is that?
Wildcard query works on the keyword field. if you have .keyword subfield(if Elasticsearch generated the mapping for your myfield) then below query returns the result.
{
"query": {
"wildcard": {
"myfield.keyword": { --> note .keyword in the field name.
"value": "*123"
}
}
}
}
I am using kibanna
I am trying to put filter on a field container_name = "armenian"
but I have other container names with following names
armenian_alpha
armenian_beta
armenian_gama
armenian1
armenian2
after putting the filter , search query in kibanna becomes
{
"query": {
"match": {
"container_name": {
"query": "armenian",
"type": "phrase"
}
}
}
}
But the output searches logs for all containers , as I can see the Elastic search query is using a pattern matching
How can I put an exact match with the string provided and avoid the rest ?
You can try out with term query. Do note that it is case sensitive by default unless you specify with case_insensitive equals to true. Also, if your container_name is a text field type instead of keyword field type, do add the .keyword after the field name. Otherwise, ignore the .keyword.
Example:
GET /_search
{
"query": {
"term": {
"container_name.keyword": {
"value": "armenian"
}
}
}
}
Link here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html
I would recommend using a direct wildcard in query or wildcard as follow
GET /_search
{
"query": {
"match": {
"container_name": {
"query": "*armenian",
"type": "phrase"
}
}
}
}
GET /_search
{
"query": {
"wildcard": {
"container_name": {
"value": "*armenian"
}
}
}
}
With *armenian you are ensuring that armenian comes at the end.
{
"size": 0,
"query": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-30m/m"
}
}
},
{
"match": {
"type": "ERROR"
}
},
{
"wildcard": {
"Name": "*Rajesh*"
}
},
{
"wildcard": {
"Name": "*Shiv*"
}
}
]
}
}
}
I want search in the name field using wildcard that matches any of the two wildcard values (Rajesh,Shiv).And i need to look tat the results from last 30 minutes. When i am using this wildcard, it does not give me any result. Replacing 'Wildcard' with 'match' worked though . like "match" :"Rajesh" or "match" :"Shiv". Is there something wrong with usage of wildcard in my query ?
Most probably cause of the error is that you are using text field to store the names like Rajeash and Shiv and text fields by default uses the standard analyzer which lowercase the generated tokens so tokens would be creates as rajesh and shiv. Note the lowercase in the tokens.
When you use the match query, it uses the same analyzer so again it search with lowercase tokens and you get the result while wildcard query you are specifying the capital letter which doesn't matches the tokens in index.
change your wildcard query to *rajesh* and *shiv* and it should work, otherwise provide the mapping to further debug the issue.