Develop Reference

Elasticsearch Query + Agg search query

Data in my elasticsearch contains a field named facilityName. I have a requirement where I have to see if there are any duplicate records with facilityNameTypeCode as "UWI" and having same facilityName value. Following is a structure example:
"facilityName": [
{
"facilityNameTypeId": {
"facilityNameTypeCode": "Name"
},
"facilityName": "Rishav jayswal"
},
{
"facilityNameTypeId": {
"facilityNameTypeCode": "Name"
},
"facilityName": "R.M"
}
]
This is the query I created:
GET _search
{
"query" : {
"term" : {"facilityName.facilityNameTypeId.facilityNameTypeCode" : "UWI"}
},
"aggs" : {
"duplicateNames": {
"terms": {
"field": "facilityName.facilityName",
"size": 0,
"min_doc_count": 2
}
}
}
}
But I am having this error:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[terms] failed to parse field [size]",
"line": 10,
"col": 27
}
],
"type": "parsing_exception",
"reason": "[terms] failed to parse field [size]",
"line": 10,
"col": 27,
"caused_by": {
"type": "illegal_argument_exception",
"reason": "[size] must be greater than 0. Found [0] in [duplicateNames]"
}
},
"status": 400
}
Can anyone suggest on how to do this?

The error is pretty clear
[size] must be greater than 0. Found [0] in [duplicateNames]
So simply set size to something bigger than 0, it doesn't make much sense to set it to 0 anyway
"terms": {
"field": "facilityName.facilityName",
"size": 10,
"min_doc_count": 2
}

Nested Query Compatibility in Elastic Search 5.6

I have below payload in my REST call (POST) and its working fine Elastic search 2.1.1 but not in ES 5.6.7
{"from":0,"size":5,"sort":[{"releasedDate":{"order":"desc"}}],"query":{"query_string":{"query":{"query":"demo demo*","defaultOperator":"and"}}}}
In ES 5.6.7, I got below exception
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "[query_string] unknown token [START_OBJECT] after [query]",
"line": 1,
"col": 96
}
],
"type": "parsing_exception",
"reason": "[query_string] unknown token [START_OBJECT] after [query]",
"line": 1,
"col": 96
},
"status": 400
}
Anyone have any idea why the payload is not working in ES 5.6.7 ??

In ES 5.6.7 you need to write it like this:
{
"from": 0,
"size": 5,
"sort": [
{
"releasedDate": {
"order": "desc"
}
}
],
"query": {
"query_string": {
"query": "demo demo*",
"default_operator": "and"
}
}
}
Find the documentation here.

script_score query does not support [source]

I'm using the official Docker image for Elasticsearch OSS (docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.4) and can't seem to get script_score working at all. It seems like scripting isn't enabled.
For example, this:
POST http://localhost:9200/address/address/_search
{
"query": {
"function_score": {
"query": {
"match": {
"fullAddress": {
"query": "13 fake",
"operator": "and"
}
}
},
"script_score": {
"lang": "expression",
"source": "doc['flatNumber'].length"
}
}
}
}
gives me this:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "script_score query does not support [source]",
"line": 13,
"col": 15
}
],
"type": "parsing_exception",
"reason": "script_score query does not support [source]",
"line": 13,
"col": 15
},
"status": 400
}
I tried enabling it:
PUT http://localhost:9200/_cluster/settings
{
"persistent": {
"script.engine.groovy.inline.aggs": "on"
}
}
but to no avail:
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "persistent setting [script.engine.groovy.inline.aggs], not recognized"
}
],
"type": "illegal_argument_exception",
"reason": "persistent setting [script.engine.groovy.inline.aggs], not recognized"
},
"status": 400
}
How do I get script_score working?

You're simply missing a script section in your script_score. Modify it like this and it will work:
"script_score": {
"script": {
"lang": "expression",
"source": "doc['flatNumber'].length"
}
}

How i can apply match and range in the query DSL in elasticsearch

I want use the match and range, my body in the query is :
{
"query": {
"match" : {
"netscaler.ipadd" : "192.68.2.39"
},
"range": {
"#timestamp": {
"gte":"2015-08-04T11:00:00",
"lt":"2015-08-04T12:00:00"
}
}
},
"aggs" : {
"avg_grade" : {
"avg" : { "field" : "netscaler.stat.system.memusagepcnt" }
}
}
}
and elsaticsearch responds with:
{
"error": {
"root_cause": [{
"type": "parsing_exception",
"reason": "[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 6,
"col": 7
}],
"type": "parsing_exception",
"reason": "[match] malformed query, expected [END_OBJECT] but found [FIELD_NAME]",
"line": 6,
"col": 7
},
"status": 400
}
I need know which is the best way or the correct way for do that.

If you have multiple queries you probably should wrap them inside a bool query:
{
"query": {
"bool": {
"must": [
{
"match": {
"netscaler.ipadd": "192.68.2.39"
}
},
{
"range": {
"#timestamp": {
"gte": "2015-08-04T11:00:00",
"lt": "2015-08-04T12:00:00"
}
}
}
]
}
},
"aggs": {
"avg_grade": {
"avg": {
"field": "netscaler.stat.system.memusagepcnt"
}
}
}
}
More info in the docs

Elasticsearc-5.0.0 Weighted average

I wanted to try weighted average on ES-5.0.0.
I tried something with json code:
GET ABC/xyz/_search
{
"aggs": {
"myAggr": {
"terms": {
"field": "UrunNo",
"order": { "weightedAvg": "desc"}
},
"aggs": {
"weightedAvg": { "avg" : { "script" : "[values: doc['BirimFiyat'].value, weights: doc['Adet'].value]" }}
} } } }
I have error:
{"error": {
"root_cause": [
{ "type": "parsing_exception",
"reason": "Unexpected token VALUE_STRING [script] in [weightedAvg].",
"line": 9,
"col": 49
} ],
"type": "parsing_exception",
"reason": "Unexpected token VALUE_STRING [script] in [weightedAvg].",
"line": 9,
"col": 49
},"status": 400 }
What is the problem? or Is Weighted average possible on ES-5.0.0?