My index contains documents with fields called send_date and tags. Currently I'm fetching documents which contains any tag specified by the user.
Exemplary query:
{
"query": {
"query_string": {
"query": "\"this is tag1\" \"this is tag2\"",
"fields": ["tags"],
"default_operator": "OR"
}
}
}
But now I'd like to query my index to return me documents which contains:
this is tag1 and were send in date range (a, b)
or
this is tag2 and were send in date range (c, d)
Is this is possible using single query and some mix of bool / range queries?
if you want to stick to query_string, you can do it like this:
{
"query": {
"query_string": {
"query": "(tags:\"this is tag1\" AND date:[2020-01-01 TO 2021-01-01]) OR (tags:\"this is tag2\" AND date:[2020-06-01 TO 2020-07-01])",
"default_operator": "OR"
}
}
}
Otherwise, you can leverage range queries and combine them with the query_string one in a bool/shouldcombo:
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"filter": [
{
"query_string": {
"query": "tags:\"this is tag1\"",
"default_operator": "OR"
}
},
{
"range": {
"date": {
"gte": "2020-01-01",
"lte": "2021-01-01"
}
}
}
]
}
},
{
"bool": {
"filter": [
{
"query_string": {
"query": "tags:\"this is tag2\"",
"default_operator": "OR"
}
},
{
"range": {
"date": {
"gte": "2020-06-01",
"lte": "2020-07-01"
}
}
}
]
}
}
]
}
}
}
Related
Query: Get employee name "Mahesh" whose id is "200" and joining datetime is in a given date range and his epf status must be either 'NOK' or 'WRN'. (Possible values of epf_status are {OK,NOK,WRN,CANCELLED}.
I have written the following query, that matches epf_status also with OK, CANCELLED, but it must only match when epf_status is either 'NOK' or 'WRN'. What else do I need to change to make it work, as required?
GET myindex01/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"empname": { "query": "Mahesh", "operator": "AND" }
}
},
{
"match": {
"empid": { "query": "200", "operator": "AND" }
}
},
{
"range": {
"joining_datetime": {
"gte": "2020-01-01T00:00:00",
"lte": "2022-06-24T23:59:59"
}
}
}
],
"should": [
{ "match": { "epf_status": "NOK" } },
{ "match": { "epf_status": "WRN" } }
]
}
}
}
SAMPLE DATA:
{"Mahesh","200","2022-04-01","OK"}
{"Mahesh","200","2022-04-01","NOK"}
{"Mahesh","200","2022-04-01","WRN"}
{"Mahesh","200","2022-04-01","CANCELLED"}
REQUIRED OUTPUT:
{"Mahesh","200","2022-04-01","NOK"}
{"Mahesh","200","2022-04-01","WRN"}
Tldr;
You could be using the terms query for that I believe.
Returns documents that contain one or more exact terms in a provided field.
To solve
GET myindex01/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"empname": { "query": "Mahesh", "operator": "AND" }
}
},
{
"match": {
"empid": { "query": "200", "operator": "AND" }
}
},
{
"range": {
"joining_datetime": {
"gte": "2020-01-01T00:00:00",
"lte": "2022-06-24T23:59:59"
}
}
}
],
"should": [
{ "terms": { "epf_status": ["NOK", "WRN"] } }
]
}
}
}
Dears,
I need your advice/explanation.
This is my query which select document from index which not include field f1.rc. I don't understand why.
What is wrong in below query? Any idea?
In my opinion this query should select documents that meet both conditions f1.rc and f1.mti. I'm confused.
GET /index-2022.04.14/_search?size=100&pretty=true
{
"query": {
"bool": {
"must": [
{
"match": {
"f1.iface.keyword":"MOSS"
}
},
{
"query_string": {
"query": "(server01\\.domain\\.com) OR (server02\\.comain\\.com)",
"default_field": "agent.hostname",
"default_operator": "AND"
}
},
{
"term": {
"log.file.path.keyword": {
"value": "/apps/myapp1/log/cssf1.log"
}
}
},
{
"query_string": {
"query": "(f1.rc:/[0]\\d{2}/ and f1.mti:/\\[1][12][13579]\\d/) "
}
},
{
"range": {"#timestamp": {"gt": "2022-04-14T15:08:50","lte": "2022-04-14T15:08:51"}}
}
]
}
}
}
}
Best Regards,
Dan
I'm looking to get data between two dates in elasticsearch.
I have tried to put "gte": "20-04-2019" and "lte": "21-04-2019" as shown below, but I still get other anterior dates in the final result:
GET aws-index2/produit/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"commun.nom": {
"query": "iphone",
"operator": "and",
"zero_terms_query": "all"
}
}
},
{
"range": {
"commun.date": {
"gte": "20-04-2019",
"lte": "21-04-2019",
"format": "dd-MM-yyyy"
}
}
}
]
}
}
}
In the sample document you give, commun.date looks like this "04-20-2019", which means that the format is not dd-MM-yyyy but MM-dd-yyyy. So your query should probably look like this instead:
GET aws-index2/produit/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"commun.nom": {
"query": "iphone",
"operator": "and",
"zero_terms_query": "all"
}
}
},
{
"range": {
"commun.date": {
"gte": "04-20-2019",
"lte": "04-21-2019"
}
}
}
]
}
}
}
How am I able to put both of these queries together, as you can see that query one is bringing back all the date from today and the second query is bringing back data for all users that has the name test in it.
So I want to bring back all of the data for data with the name that has test in it.
Could someone show me how this is done please?
Query one:
{
"_source":["VT"],
"query": {
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}}
}
Query two:
from elasticsearch import Elasticsearch
es = Elasticsearch(["9200"])
res = es.search(index="search", body=
{
"_source": ["DTDT", "TRDT"],
"query": {
"bool": {
"should": [
{"wildcard": {"N": "TEST*"}}
]
}
}
}, size=10
)
for doc in res['hits']['hits']:
print(doc)
You can use a bool query with two must clauses, like this:
{
"_source": ["DTDT", "TRDT", "VT"],
"query": {
"bool": {
"must": [
{
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}
},
{
"wildcard": {
"N": "TEST*"
}
}
]
}
}
}
Check out the docs for the bool query.
This will help you:
POST _search
{
"query": {
"bool": {
"must": [
{
"range": {
"VT": {
"gte": "now/d",
"lt": "now/d+13h"
}
}
},
{
"match": {
"N": {
"query": "TEST",
"operator": "and"
}
}
}]
}
}
}
Can you please tell me when to use query string and when to use wildcard.
In the below scenario what should I use
POST _search
{
"query": {
"filtered": {
"query": [{
"query_string": {
"fields": [
"afDeparture"
],
"query": "16feb*"
}
}],
"filter": [
{ "term": { "boardPoint": "dxb" }},
{ "range": { "localDeparture": { "gte": 1454270400000 }}}
]
}
}
}
Query_String value is parsed with a query parser to get the actual query
Like name:this AND surname:that
But the wildcard query is a term level query that only evaluates the * and ?
To sum up query_string's value is also a query to be parsed but wildcard_query value is an expression
Your query can be
{
"query": {
"wildcard": {
"afDeparture": {
"value": "16feb*"
}
},
"filter": [
{ "term": { "boardPoint": "dxb" }},
{ "range": { "localDeparture": { "gte": 1454270400000 }}}
]
}
}