I'm trying to wildcard play.google.com like this
{
\"value\": \"play.google.com*\",\n" +
\"type\": \"wildcard\",\n" +
\"internal\": true\n" +
}
I'm using Google Account Activity to record my urls.
When I open an app via Google playstore, I am able wildcard the entries.
But when I open an app in my android, the url is like:
https://play.google.com/store/apps/details?id=com.google.android.youtube
which is not included in wildcard.
I also tried https://play.google.com/store/apps/details*.
But still no luck to avoid App openings.
Please help I'm new with Elastic Search Kibana.
I think you have a mapping issue. Wildcard query is a term-level query, which means the requested field should be a keyword type.
So, you have to provide a mapping for this field to specify that it is a keyword type. You can specify that at the index creation or with a template
Related
I am using Spring Boot and Elasticsearch and I am trying to use three character searches but the searches only match on five characters or more.
If I have a user name of 'Bob Smith' I can find the match searching for 'Smith' but searching for 'Bob' does not find a match.
I suspect this is something that needs to be changed in my class ''SearchMappingConfig implements HibernateOrmSearchMappingConfigurer'' but I can't find any information about changing the size of the tokens needed to successfully match a result.
My ''#Entity'' tables have ''#FullTextField(analyzer = "english")'' annotations on the fields I want included in the token searches.
How do I change the length of the search match?
Ideally I would like any three letters to form a match, so a search for 'Ron' would match 'Ronald' and 'Laronda'
Elasticsearch 7.14
Spring Boot 2.7.6
I have been reading Spring Boot and Elasticsearch documentation but cannot find any information about changing the match length.
Hibernate is able to use an Elasticsearch or Lucene client. Our existing project uses Lucene and it would have been a large undertaking to replace that.
The recommended solution is to create new analyzers so that incoming data creates smaller tokens, I didn't want to change analyzers on my existing database.
A lot of the documentation I was able to find pointed to using the Elasticsearch query builder or the Hibernate 5 method of using a wildcard.
I tested our Elasticsearch and found that the wildcard solution would work.
I ended up using the Hibernate 6 method for wildcard searching and it works well.
SearchResult<DataClass> result = searchSession.search(DataClass.class)
.where(f -> f.wildcard()
.fields(
"firstname",
"lastname",
"username",
"currentLegalName")
.matching("*"+searchText.toLowerCase()+"*"))
.fetch(10);
long totalHitCount = result.total().hitCount();
logger.debug("Search results size {}", totalHitCount);
While trying to change a Visualization in Kibana to use another property for the x-axis, that property doesn't appear there.
I changed recently nlog to target elastic search using the Elastic common schema.
After that change the property is not longer called ResolvedRoute but instead _metadata.resolved_route, the problem is that it doesn't appear on the field for x-axis, it says no matches found.
It is not on the available fields
I'm still new to elastic search and kibana, so it's possible i'm missing something simple.
Don't know if it's related, but when on Discovermenu, looking at the Available fields all of _metadata fields have a question mark
I'm already trying to map some of these fields in Index Management / Edit template
Also, if i go to the console and type
GET /logstash-2020.11.25/_search
{
"query": {
"match_all": {}
}
}
I can see the fields of _metadata that i want, inside _source which is inside of hits.
I think i already had a similar problem where i had to delete all indexes that match the pattern and then the field appeared, but that doesn't make much sense.
What could be the problem?
Chances are high that you haven't refreshed the corresponding index pattern in Kibana. Therefore the data might exist as documents in Elasticsearch but not yet as a field in the index pattern, which is a Kibana Saved Object.
Please go to Settings / Stack Management (depending on your Kibana version), click on the index pattern you expect the field to be in and refresh the fields list (icon is in the upper right corner).
Please let me know if that solved your problem.
The fields in question were not correctly mapped in the template.
since metadata is an object it needs to be mapped like that first,
then inside of it we can map it's own properties.
I am trying to create one query in the Kibana search bar to retrieve some specific documents.
The goal is to get the documents that either have the field "myDate" before 2019-10-08 or "myDate" does not exist.
I have documents that meet one or the other condition.
I started by creating this query :
myDate:<=2019-10-08 OR NOT _exists_:myDate
But no documents were returned.
Since it did not work, I tried some other ways i found online :
myDate:<=2019-10-08 OR NOT (_exists_:myDate)
myDate:<=2019-10-08 OR !(_exists_:myDate)
myDate:<=2019-10-08 OR NOT (myDate:*)
But still, no results.
When I use either "part" of the "OR" condition, it works perfectly : I get either the documents who have myDate<=2019-10-08 or the ones that do not have a "myDate" field filled.
But when I try with both conditions, I get no document.
I have to use only the search bar to find these documents, neither an elasticsearch rest query nor by using kibana filters.
Thank you for your help :)
Below query works. Use Inspect button in kibana to see what query is actually being fired and make sure you are using correct index pattern as well.
(myDate:<=2019-12-31) OR (NOT _exists_:myDate)
Take a look at Query DSL documentation for Boolean operators for more better understanding with different use cases
How can we do multiple field search in Elastic search.
for example I want to search subcategory and region, for one field it is working for multiple field search how we have to do.
Below link is working fine, since I am using one field only for search
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=sub_cat_seo_url:english-news&sort=pubdate_timestamp:desc
but when I try to search multiple field for example sub_cat_seo_url and region it is not working
see this link (not working)
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=sub_cat_seo_url:english-news,region:1&sort=pubdate_timestamp:desc
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=sub_cat_seo_url:english-news®ion:1&sort=pubdate_timestamp:desc
According to documentation, it should work
See http://www.elasticsearch.org/guide/reference/query-dsl/query-string-query.html
That being said, you can also use the following:
http://34c512ba34534fffdfd12abfd69f2458.us-east-1.aws.found.io:9200/episodes/episode/_search?q=%2Bsub_cat_seo_url%3Aenglish-news+%2Bregion%3A1&sort=pubdate_timestamp:desc
NOTE :
The existing mapping makes your field "sub_cat_seo_url" analyzed which is analyzed using standard analyzer. Hence, when you are searching for "english-news" it gets tokenized into "english", "news" which results in any document matching either english or news to be valid matches. For eg. "telugu-news" is a valid match for your query. Not sure if it is intentional.
In your mapping you need to mark it as "not_analyzed" for exact match.
Note : %2b is decoded as '+' whereas '+' is decoded as ' '
I'm integrating elasticsearch into an asset tracking application. When I setup the mapping initially, I envisioned the 'brand' field being a single-term field like 'Hitachi', or 'Ford'. Instead, I'm finding that the brand field in the actual data contains multiple terms like: "MB 7 A/B", "B-7" or even "Brush Bull BB72X".
I have an autocomplete component setup now that I configured to do autocomplete against an edgeNGram field, and perform the actual search against an nGram field. It's completely useless the way I set it up because users expect the search results to be restricted to what the autocomplete matches.
Any suggestions on the best way to setup my mapping to support autocomplete and subsequent searches against a multiple term field like this? I'm considering a terms query against a keyword field, or possibly a match query with 'and' as the operator? I also have to deal with hyphens like "B-7".
you can use phrase suggest, the guide is here:
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-suggesters.html
the phrase suggest guide is here:
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-suggesters-phrase.html