I tried:
GET /_search
{
"query": {
"simple_query_string" : {
"query": "\"sometext*\"",
"fields": ["name"],
"default_operator": "and",
"quote_field_suffix": '.raw',
"analyze_wildcard": true
}
}
}
but the search result is incorrect.
for example, there is an index:
prefixsometext
sometextone
sometexttwo
I need to find only 2 and 3 when querying "sometext*"
Wildcard are slow, you can use match_phrase_prefix instead
{
"query": {
"match_phrase_prefix": {
"text": "sometext"
}
}
}
Result:
"hits" : [
{
"_index" : "index20",
"_type" : "_doc",
"_id" : "7tdM7XEBxsgtRl4gFK-i",
"_score" : 0.9808291,
"_source" : {
"text" : "sometextone"
}
},
{
"_index" : "index20",
"_type" : "_doc",
"_id" : "79dM7XEBxsgtRl4gJq8Z",
"_score" : 0.9808291,
"_source" : {
"text" : "sometexttwo"
}
}
]
In simple_query_string quotes denote exact phrase match so "\"sometextone\"" will return result but if you need to do prefix match , query has to be defined as "query": "sometext*"
{
"query": {
"simple_query_string" : {
"query": "sometext*",
"fields": ["name"],
"default_operator": "and",
"quote_field_suffix": '.raw',
"analyze_wildcard": true
}
}
}
To replicate query in your comment using bool query
{
"query": {
"bool": {
"should": [
{
"match_phrase_prefix": {
"FIELD": "PREFIX"
}
},
{
"match": {
"FIELD": "TEXT"
}
}
],
"minimum_should_match": 1,
"must_not": [
{
"match": {
"FIELD": "TEXT"
}
}
]
}
}
}
Related
I'm asking for your help.
elasticsearch create search query
first, search field is keyword type
data
"hits" : [
{
"_index" : "search_event",
"_type" : "_doc",
"_score" : 5.179434,
"_source" : {
"search_keyword" : [
{
"search" : "or",
"keyword" : "developer",
"type" : "18"
}
]
},
{
"_source" : {
"search_keyword" : [
{
"search" : "or",
"keyword" : "tail"
},
{
"search" : "or",
"keyword" : "cap"
},
{
"search" : "and",
"keyword" : "developer"
}
]
}
}
}
When searching,
Must be keyword=developer and search=or
"query": {
"bool": {
"filter": [
{
"term": {
"search_keyword.keyword": {
"value": "developer"
}
}
},
{
"term": {
"search_keyword.search": {
"value": "or"
}
}
}
]
}
}
}
However, 'keyword=developer and search=and' but also a search.
how do I write a query?
"hits" : [
{
"_index" : "search_event",
"_type" : "_doc",
"_score" : 5.179434,
"_source" : {
"search_keyword" : [
{
"search" : "or",
"keyword" : "developer",
"type" : "18"
},
{
"search" : "or",
"keyword" : "tail"
},
{
"search" : "or",
"keyword" : "cap"
},
{
"search" : "and",
"keyword" : "developer"
}
]
}
]
}
i wan't search 'keyword=developer and search=and' documents
only 'keyword=developer and search=or' documents
use below query
"query": {
"bool": {
"must": [ --> note instead of `filter`, it's `must` clause.
{
"term": {
"search_keyword.keyword": {
"value": "developer"
}
}
},
{
"term": {
"search_keyword.search": {
"value": "or"
}
}
}
]
}
}
}
I have some documents in a index..
"hits" : [
{
"_index" : "siem-referencedata-table-table2d526444eff99b1706053853ef7",
"_type" : "_doc",
"_id" : "0table222cc244b04b59d9ecafb0476e6",
"_score" : 1.0,
"_source" : {
"column-name1" : "10.1.10.1",
"column-name2" : "range(100,200)",
"column-name3" : "nam3",
"create_time" : "2022-05-21 03:30:39",
"last_seen" : "2022-05-21 03:30:39",
"id" : "0table222cc244b04b59d9ecafb0476e6"
}
},...
I want to search documents with three fields column-name1, column-name2 and column-name3.
I use below query with term to search exact considered word:
{
"query": {
"bool": {
"must": [
{
"term": {
"column-name1": {"value":"10.1.10.1"}
}
},
{
"term": {
"column-name2": {"value":"range(100,200)"}
}
},
{
"term": {
"column-name3": {"value":"nam3"}
}
}
]
}
}
}
It works without "column-name2": {"value":"range(100,200)"}.. what should I do with range ability? Is there another way to handle this?
The query solved with adding keyword to filed as below:
{
"query": {
"bool": {
"must": [
{
"term": {
"column-name1.keyword": {"value":"10.1.10.1"}
}
},
{
"term": {
"column-name2.keyword": {"value":"range(100,200)"}
}
},
{
"term": {
"column-name3.keyword": {"value":"nam3"}
}
}
]
}
}
}
Thank from Barkha Jain!
This is the structure of my documents:
{
"_index" : "index",
"_type" : "_doc",
"_id" : "4002809",
"_score" : 5.6219883,
"_source" : {
"manufacturer" : "manufacturer of the part",
"shortdesc" : "Description of the part",
"te_param" : "None",
"coverart" : "/partpics/placeholder.jpg",
"has_datasheet" : 0,
"id" : 4002809,
"part" : "437297OBD25"
}
},
I need to discard results with field "shortdesc" empty
This should work:
GET /_search
{
"query": {
"bool": {
"must_not": {
"exists": {
"field": "shortdesc"
}
}
}
}
}
Referenced from here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-exists-query.html
I like AJ's suggestion:
{
"query": {
"bool": {
"must_not": {
"exists": {
"field": "shortdesc"
}
}
}
}
}
That will return all the docs that DON'T have that field on it.
Or you can use the following:
{
"query": {
"bool": {
"must_not": {
"term": {
"shortdesc": ""
}
}
}
}
}
This will return all the docs that contain the field but with an empty description. I assume that an empty description has an empty string (represented as " ").
I have given multiple queries using the bool query. Now it can happen that some of them might have matches and some queries might not have matches in the database. How can I know which of the queries had a match?
For example, here I have a bool query with two should conditions against the field landMark.
{
"query": {
"bool": {
"should": [
{
"match": {
"landMark": "wendys"
}
},
{
"match": {
"landMark": "starbucks"
}
}
]
}
}
}
How can I know which one of them matched in the above query if only one of them matches the documents?
You can use named queries for this purpose. Try this
{
"query": {
"bool": {
"should": [
{
"match": {
"landMark": {
"query": "wendys",
"_name": "wendy match"
}
}
},
{
"match": {
"landMark": {
"query": "starbucks",
"_name": "starbucks match"
}
}
}
]
}
}
}
you can use any _name . In response you will get something like this
"matched_queries": ["wendy match"]
so you will be able to tell which query matched that specific document.
Named query is certainly the way to go.
LINK - https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-named-queries-and-filters.html
Idea of named query is simple , you tag a name to each of your query and in the result , it shows which all tags matched per document.
curl -XPOST 'http://localhost:9200/data/data' -d ' { "landMark" : "wendys near starbucks" }'
curl -XPOST 'http://localhost:9200/data/data' -d ' { "landMark" : "wendys" }'
curl -XPOST 'http://localhost:9200/data/data' -d ' { "landMark" : "starbucks" }'
Hence create you query in this fashion -
curl -XPOST 'http://localhost:9200/data/_search?pretty' -d '{
"query": {
"bool": {
"should": [
{
"match": {
"landMark": {
"query": "wendys",
"_name": "wendy_is_a_match"
}
}
},
{
"match": {
"landMark": {
"query": "starbucks",
"_name": "starbuck_is_a_match"
}
}
}
]
}
}
}'
{
"took" : 7,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 3,
"max_score" : 0.581694,
"hits" : [ {
"_index" : "data",
"_type" : "data",
"_id" : "AVMCNNCY3OZJfBZCJ_tO",
"_score" : 0.581694,
"_source": { "landMark" : "wendys near starbucks" },
"matched_queries" : [ "starbuck_is_a_match", "wendy_is_a_match" ] ---> "Matched tags
}, {
"_index" : "data",
"_type" : "data",
"_id" : "AVMCNS0z3OZJfBZCJ_tQ",
"_score" : 0.1519148,
"_source": { "landMark" : "starbucks" },
"matched_queries" : [ "starbuck_is_a_match" ]
}, {
"_index" : "data",
"_type" : "data",
"_id" : "AVMCNRsF3OZJfBZCJ_tP",
"_score" : 0.04500804,
"_source": { "landMark" : "wendys" },
"matched_queries" : [ "wendy_is_a_match" ]
} ]
}
}
i am trying to filter my result using nested filter but i am getting incorrect result
here is my mapping info
{
"stock" : {
"mappings" : {
"clip" : {
"properties" : {
"description" : {
"type" : "string"
},
"keywords" : {
"type" : "nested",
"properties" : {
"category" : {
"type" : "string"
},
"tags" : {
"type" : "string",
"index_name" : "tag"
}
}
},
"tags" : {
"type" : "string",
"index_name" : "tag"
},
"title" : {
"type" : "string"
}
}
}
}
}
}
clip document data
{
"_index" : "stock",
"_type" : "clip",
"_id" : "AUnsTOBBpafrKleQN284",
"_score" : 1.0,
"_source":{
"title": "journey to forest",
"description": "this clip contain information about the animals",
"tags": ["birls", "wild", "animals", "roar", "forest"],
"keywords": [
{
"tags": ["spring","summer","autumn"],
"category": "Weather"
},
{
"tags": ["Cloudy","Stormy"],
"category": "Season"
},
{
"tags": ["Exterior","Interior"],
"category": "Setting"
}
]
}
i am trying to filter tags inside nested field 'keywords'
here is my query
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"nested": {
"path": "keywords",
"filter": {
"bool": {
"must": [
{
"terms": { "tags": ["autumn", "summer"] }
}
]
}
}
}
}
}
}
}
i am getting no result why ?
what's wrong with my query or schema please help
The above query is syntactically incorrect . You need to provide the full path to tags from root keywords in the term query i.e.keywords.tags
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"nested": {
"path": "keywords",
"filter": {
"bool": {
"must": [
{
"terms": { "keywords.tags": ["autumn", "summer"] }
}
]
}
}
}
}
}
}
}