In elasticsearch it's possible to execute the following query:
GET /_search
{
"query": {
"query_string": {
"query": "(apple) OR (banana)",
}
}
}
This results in all documents having any field with the value 'apple' or 'banana'. I'm looking for a way to prevent the user from writing queries like "(apple) OR (banana)" in the search box. This should be converted to a literal search for "(apple) OR (banana)" (so returning any document with a value set to "(apple) OR (banana)"). What's the best way to do this?
To give a bit more context: "query_string" was chosen to be able to perform 'contains' queries on entire documents using wildcards.
Thank you in advance!
[Edit] To be a bit more clear:
Example:
Doc 1: { "snack": "apple" }
Doc 2: {"snack": "banana"}
Doc 3: {"snack": "(apple) OR (banana)"}
If the user would search for "(apple) OR (banana)" this normally results in Doc 1 and Doc 2, but I would want it to match only with Doc 3.
Solved thanks to #Bhavya and #TreffnonX:
Summary: took #Bhavya solution, but wrapped my search string in extra double quotes:
GET _search
{
"query": {
"query_string": {
"query": "\"\\(apple\\) OR \\(banana\\)\""
}
}
}
or
GET _search
{
"query": {
"query_string": {
"query": "\"(apple) OR (banana)\""
}
}
}
Adding a working example with index data,search query, and search result
Index Data:
{ "snack": "apple" }
{"snack": "banana"}
{"snack": "(apple) OR (banana)"}
Search Query:
{
"query": {
"query_string": {
"query": "\\(apple\\) OR \\(banana\\)"
}
}
}
Search Result:
"hits": [
{
"_index": "stof_64352271",
"_type": "_doc",
"_id": "1",
"_score": 4.0350027,
"_source": {
"snack": "(apple) OR (banana)"
}
}
]
Related
I am trying to write an elastic search query for searching the data with two.conditions something as below
{
"query": {
"match": {
"trackingId": "track4324234234244",
"log_message": "downstream request-response"
}
}
}
The above query wont work because [match] query doesn't support multiple fields. Is there a way I can achieve this.
You can use Bool query, where a must clause can be used.
must means: The clause (query) must appear in matching documents. These clauses must match, like logical AND.
To know about the difference between must and should refer to this SO answer
Adding Working example with sample docs and search query
Index Sample Data:
{
"trackingId":"track4324234234244",
"log_message":"downstream request-response"
}
{
"trackingId":"track4324234234244",
"log_message":"downstream"
}
{
"trackingId":"tracks4324234234244",
"log_message":"downstream request-response"
}
Search query:
{
"query": {
"bool": {
"must": [
{
"match": {
"trackingId": "track4324234234244"
}
},
{
"match": {
"log_message": {
"query": "downstream request-response",
"operator": "and"
}
}
}
]
}
}
}
Search Result:
"hits": [
{
"_index": "my_index",
"_type": "_doc",
"_id": "1",
"_score": 1.8570712,
"_source": {
"trackingId": "track4324234234244",
"log_message": "downstream request-response"
}
}
]
Apart from Bool, you can also make use of simple query string as mentioned below:
POST <your_index_name>/_search
{
"query": {
"simple_query_string": {
"fields": ["trackingId", "log_message"],
"query": "track4324234234244 downstream request-response",
"default_operator": "AND"
}
}
}
Note how I've just added all the terms and made use of default_operator: AND so that it returns only documents having all the terms present in the fields.
There is also query_string however I would recommend using the above one as query_string works in strict fashion meaning, it would throw errors if the query string has any syntax errors while simple_query_string does not.
POST <your_index_name>/_search
{
"query": {
"query_string": {
"fields": ["trackingId", "log_message"],
"query": "(track4324234234244) AND (downstream request-response)",
"default_operator": "AND"
}
}
}
So as to when to use simple_query_string, mostly only if you would want to expose the query string or terms to end user, at that point which this would be useful.
Hope that helps!
Works as expected:
{
"query": {
"query_string": {
"query": "Hofstetten-Grünau"
}
}
}
an added wildcard at the end delivers no results and I wonder why:
{
"query": {
"query_string": {
"query": "Hofstetten-Grünau*"
}
}
}
how to fix it?
elasticsearch v5.3.2
This delivers results:
{
"query": {
"query_string": {
"query": "Hofstetten*"
}
}
}
I use a single search field. The end user can freely use wildcards as they see fit. A user might type in:
hofstetten grünau
+ort:hofstetten-grünau
+ort:Hofstetten-G*
so using a match query wont work out for me.
I am using Jest (Java Annotations) as Mapping, and using "default" for this field. My index mapping declares nothing special for the field:
{
"mappings": {
"_default_": {
"date_detection": false,
"dynamic_templates": [{
}]
}
}
}
Adding the wildcard "*" at the end of your query string is causing the query analyzer to interpret the dash between "Hofstetten" and "Grünau" as a logical NOT operator. So you're actually searching for documents that contain Hofstetten but do NOT contain Grünau.
You can verify this by doing the following variations of your search:
"query": "Hofstetten-XXXXX" #should not return results
"query": "Hofstetten-XXXXX*" #should return results
To fix this I would recommend using a match query instead of a query_string query:
{"query": {"match": { "city": "Hofstetten-Grünau" }}}'
(with whatever your appropriate field name is in place of city).
I need to get a document but I have no idea what index it is in. I have a bunch of indices for different days; all prefixed with "mydocs-". I've tried:
GET /mydocs-*/adoc/my_second_doc
returns "index_not_found_exception"
GET /mydocs-*/adoc/_search
{
"query": {
"bool":{
"filter": [{
"term":{
"_id": ["my_second_doc"]
}
}]
}
}
}
returns all the docs in the index.
Now, if I search the specific index I can get the doc. Problem is that I don't always know the index it is in beforehand. So, I'd have to search many, many indices for it (thousands of indices).
GET /mydocs-12/adoc/my_second_doc
returns the desired doc.
Any ideas on how to do an efficient Get/Search for the doc?
Have you tried with :
GET mydocs-*/adoc/_search
{
"query": {
"term": {
"_id": "my_second_doc"
}
}
}
Or more specifically with :
GET mydocs-*/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"_id": "my_second_doc"
}
},
{
"term": {
"_type": "adoc"
}
}
]
}
}
}
The above two queries will find all the documents whose index starting with mydocs-, type is adoc and id is my_second_doc.
Some background info: In the bellow example user searched for "HTML CSS". I split each word from the search string and created the SQL query seen bellow.
Now I am trying to make an elastic search query that has the same logic as the following SQL query:
SELECT
title, description
FROM `classes`
WHERE
(`title` LIKE '%html%' AND `title` LIKE '%css%') OR
(description LIKE '%html%' AND description LIKE '%css%')
Currently, half way there but can't seem to get it right yet.
{
"query": {
"bool": {
"must": [
{
"term": {
"title": "html"
}
},
{
"term": {
"title": "css"
}
}
]
}
},
"_source": [
"title"
],
"size": 30
}
Now I need to find how to add follow logic
OR (description LIKE '%html%' AND description LIKE '%css%')
One important point is that I need to only fetch documents that have both words in either title or disruption. I don't want to fetch documents that have only 1 word.
I will update questions as I find more info.
Update: The chosen answer also provides a way to boost scoring based on the field.
Can you try following query. You can use should for making or operation
{
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"match": { // Go for term if your field is analyzed
"title": {
"query": "html css",
"operator": "and",
"boost" : 2
}
}
}
]
}
},
{
"bool": {
"must": [
{
"match": {
"description": {
"query": "html css",
"operator": "and"
}
}
}
]
}
}
],
"minimum_number_should_match": 1
}
},
"_source": [
"title",
"description"
]
}
Hope this helps!!
I feel most appropriate query to be used in this case is multi_match.
multi_match query is convenient way of running the same query on
multiple fields.
So your query can be written as:
GET /_search
{
"_source": ["title", "description"],
"query": {
"multi_match": {
"query": "html css",
"fields": ["title^2", "description"],
"operator":"and"
}
}
}
_source filters the dataset so that only fields mentioned in array
will be displayed in results.
^2 denotes boosting title field with the number 2
operator:and makes sure that all terms in query must be matched
in either fields
From the elasticsearch 5.2 doc:
One option is to use the nested datatype instead of the object datatype.
More details here: https://www.elastic.co/guide/en/elasticsearch/reference/5.2/nested.html
Hope this helps
If we give exact match or only one character its working fine, but if we give 2 or 3 characters auto complete is not working. For example if we give T or Test its working, but if i give Tes its not working.
My data looks like this
PUT /test/test/1
{
"id": "1",
"input": "Test",
"output": ["Testing", "Testing"]
}
PUT /test/test/2
{
"id": "2",
"input": "Test two",
"output":["Testing", "Testing"]
}
My elastic query is
{
"query": {
"query_string": {
"query": "tes"
}
}
}
You forgot a wildcard I believe:
GET /test/test/_search
{
"query": {
"query_string": {
"query": "tes*"
}
}
}
You may also want to use "query": "input:tes*" to autocomplete only one specific field.