Multiple AND and OR condition in elasticsearch - elasticsearch

I'm having trouble with an Elasticsearch query.
Data structure:
[{agent : "abc", origin: "US"}, {agent : "abc", origin: "US"}
I'm not able to match any of several agent names (OR condition) and, at the same time (AND condition), any of several origins (OR condition).

You can use a combination of bool/must/should clauses along with the terms query:
{
"query": {
"bool": {
"must": [
{
"terms": {
"agent": [
"abc",
"abc"
]
}
},
{
"terms": {
"origin": [
"US",
"US"
]
}
}
]
}
}
}

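Since terms already has OR semantics, you don't need to wrap them in bool/should queries. The two terms clauses go in `filter`, whose clauses are ANDed together like `must` but do not contribute to the score. The following query should do what you expect: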
{
"query": {
"bool": {
"filter": [
{
"terms": {
"agent": [
"agent1",
"agent2"
]
}
},
{
"terms": {
"origin": [
"US",
"CA"
]
}
}
]
}
}
}

Related

Elasticsearch multiple fields wildcard bool query

I'm currently using a bool query that searches the field "Name" for both input words together or for either one of them. How can I search on multiple fields using wildcards?
POST inventory_dev/_search
{"from":0,"query":{"bool":{"must":[{"bool":{"should":[{"term":{"Name":{"value":"dove"}}},{"term":{"Name":{"value":"3.75oz"}}},{"bool":{"must":[{"wildcard":{"Name":{"value":"*dove*"}}},{"wildcard":{"Name":{"value":"*3.75oz*"}}}]}}]}}]}},"size":10,"sort":[{"_score":{"order":"desc"}}]}
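You can use query_string in place of the wildcard query to search on multiple fields. Be aware that query_string parses its `query` value as query syntax and that leading wildcards such as `*dove*` are expensive on large indices, so validate or restrict this value if it comes from end users: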
{
"from": 0,
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"term": {
"Name": {
"value": "dove"
}
}
},
{
"term": {
"Name": {
"value": "3.75oz"
}
}
},
{
"bool": {
"must": [
{
"query_string": {
"query": "*dove*",
"fields": [
"field1",
"Name"
]
}
},
{
"query_string": {
"query": "*3.75oz*",
"fields": [
"field1",
"Name"
]
}
}
]
}
}
]
}
}
]
}
},
"size": 10,
"sort": [
{
"_score": {
"order": "desc"
}
}
]
}

Elastic Search search query for nested array

{
"application": {
"package_name": "com.jackhenry.OregonFirstCU",
"countries": [
{
"short_name": "US"
}
]
},
"application": {
"package_name": "com.jackhenry.OregonFirstCU",
"countries": [
{
"short_name": "US"
}
]
},
"application": {
"package_name": "com.jackhenry.OregonFirstCU",
"countries": [
]
}
}
How can I get results both for documents where application.countries is an empty array and for documents where application.countries.short_name is US?
In short, you want to fetch results that either contain US or do not contain any country name. You can combine a term clause and a negated exists clause under should:
{
"query": {
"bool": {
"should": [
{
"bool": {
"must_not": {
"exists": {
"field": "application.countries.short_name"
}
}
}
},
{
"term": {
"application.countries.short_name": [
"US"
]
}
}
]
}
}

Elasticsearch must_not filter not works with a big bunch of values

I have the following query, which includes some filters:
{
"from": 0,
"query": {
"function_score": {
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"idpais": [
115
]
}
},
{
"term": {
"tipo": [
1
]
}
}
],
"must_not": [
{
"term": {
"idregistro": [
5912471,
3433876,
9814443,
11703069,
6333176,
8288242,
9924922,
6677850,
11852501,
12530205,
4703469,
12776479,
12287659,
11823679,
12456304,
12777457,
10977614,
...
]
}
}
]
}
},
"query": {
"bool": {
"should": [
{
"match_phrase": {
"area": "Coordinator"
}
},
{
"match_phrase": {
"company": {
"boost": 5,
"query": "IBM"
}
}
},
{
"match_phrase": {
"topic": "IT and internet stuff"
}
},
{
"match_phrase": {
"institution": {
"boost": 5,
"query": "University of my city"
}
}
}
]
}
}
}
},
"script_score": {
"params": {
"idpais": 115,
"idprovincia": 0,
"relationships": []
},
"script_id": "ScoreUsuarios"
}
}
},
"size": 24,
"sort": [
{
"_script": {
"order": "desc",
"script_id": "SortUsuarios",
"type": "number"
}
}
]
}
The must_not filter has a large number of values to exclude (around 200), but it looks like Elasticsearch ignores those values and includes them in the result set. If I set only a few values (10 to 20), Elasticsearch applies the must_not filter.
Is there some restriction on the number of values in the filters? Is there some way to exclude a large number of results from the query?
The terms query, not the term query, is the one used for passing a list of values. You have to use it as shown below in your must filter.
{
"query": {
"terms": {
"field_name": [
"VALUE1",
"VALUE2"
]
}
}
}

Can we use multiple terms condition in elasticsearch filters

Is it possible to use multiple terms condition for specific fields in bool filter?
query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"terms": {
"events": [
"abc",
"def",
"ghi",
"jkl"
]
},
"terms" : {
"users" : [
"user_1",
"user_2",
"user_3"
]
}
}
]
}
}
}
}
The first terms filter is working fine, but I am not able to use the second one. Please correct me if I am doing anything wrong in the above query.
You were almost there; you forgot one brace. Here's the correct query:
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"terms": {
"events": [
"abc",
"def",
"ghi",
"jkl"
]
}
},
{
"terms": {
"users": [
"user_1",
"user_2",
"user_3"
]
}
}
]
}
}
}
}
}
This will evaluate both conditions:
Your event must be one of abc/def/ghi/jkl
User must be either user_1/user_2/user_3
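Basically, each terms query/filter needs to be wrapped in its own braces, and the two need to be siblings in the must array. In the original query both `terms` keys sat in the same JSON object, and duplicate keys in one object are not handled reliably by parsers.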

Elasticsearch DSL query from an SQL statement

I'm new to Elasticsearch. I don't think I fully understand the concept of queries and filters. In my case I just want to use filters, as I don't want to use advanced features like scoring.
How would I convert the following SQL statement into elasticsearch query?
select * from tablename where (name="d" and time>1231312) or (name="ds" and time>21)
{
"filter" : {
"or":[
{ "and" : [
{"range": {"time": {"gt": 1231312}}},
{"term" : {"name":"d"}}
]},
{ "and" : [
{"range": {"time": {"gt": 21}}},
{"term" : {"name":"ds"}}
]}
]
}
}
Here is the query DSL that is equivalent to your SQL query. The query_string/query filter is not cached by default, which is why I have used _cache: true; it should perform well this way.
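# Search index_name for documents matching
#   (name = "d" AND time > 1231312) OR (name = "ds" AND time > 21).
# -d sends the JSON as the request body; without it curl treats the quoted
# JSON as an extra URL argument, so the query is never sent.
# "gt" (not "gte") is used so the ranges match the strict ">" of the SQL.
# Each fquery wraps a bool query as a filter and sets _cache to true.
curl -XPOST http://localhost:9200/index_name/_search -d '{
  "filter": {
    "or": {
      "filters": [
        {
          "fquery": {
            "query": {
              "bool": {
                "must": [
                  {
                    "term": {
                      "name": "d"
                    }
                  },
                  {
                    "range": {
                      "time": {
                        "gt": 1231312
                      }
                    }
                  }
                ]
              }
            },
            "_cache": true
          }
        },
        {
          "fquery": {
            "query": {
              "bool": {
                "must": [
                  {
                    "term": {
                      "name": "ds"
                    }
                  },
                  {
                    "range": {
                      "time": {
                        "gt": 21
                      }
                    }
                  }
                ]
              }
            },
            "_cache": true
          }
        }
      ]
    }
  }
}'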
