I am using elasticsearch 6.8 and below is a sample of query I send:
{
"query": {
...
"bool": {
"should": [
{ match_phrase: { descriptor: 'xxx' } },
{ match_phrase: { descriptor: 'xxx' } },
{ match_phrase: { descriptor: 'xxx' } },
{ match_phrase: { descriptor: 'xxx' } }
]
}
...
}
As you can see there are many match_phrase under should array. Is the order of these match matter in terms of scores in the result?
The filter parameter indicates filter context. Its term and range clauses are used in filter context. They will filter out documents which do not match, but they WILL NOT affect the score for matching documents.
Please also see the document of ElasticSearch as a reference.
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-filter-context.html
Related
Ok, this is the schema:
id
generated{
status{
myStatuses[]
}
}
So having now these entries:
id=1
generated.status.myStatuses=['busy', 'free']
id=2
generated.status.myStatuses=['busy']
id=3
generated.status.myStatuses=['free']
I want to match all the documents where "generated.status.myStatuses" contains the word "free".
In the example above I would find id=1 and id=3.
There's no dedicated array datatype in ES so you can treat your keyword arrays as keywords. This means either
GET generated/_search
{
"query": {
"match": {
"generated.status.myStatuses": "free"
}
}
}
or, for exact matches,
GET generated/_search
{
"query": {
"term": {
"generated.status.myStatuses.keyword": "free"
}
}
}
{
"query":{
"match":{
"generated.status.myStatuses":"free"
}
}
}
You need to use match or term queries based on your data mapping.
Using ElasicSearch's JSON Query DSL through Kibana, how do I retrieve all documents which have:
messageTemplate equals My message
or
level equals Error
You have to use a Bool query for that :
... If the bool query is a filter context or has neither must or filter then at least one of the should queries must match a document for it to match the bool query
POST <your_index>/_search
{
"query": {
"bool": {
"should": [
{ "match_phrase" : { "messageTemplate" : "My message" } },
{ "term" : { "level" : "Error" } }
]
}
}
}
Alternatively, you could type in the Kibana search bar:
messageTemplate:"My message" || level:"Error"
or
messageTemplate:"My message" OR level:"Error"
Experiencing an issue with ES,
I have a mapping for a user type, specifying a field as keyword
GET _template/user_template
Returns:
{
...
"primary_user": {
"type": "keyword"
}
}
The following filter request will return with hits
GET users/user/_search
{
"query": {
"bool": {
"filter": {
"term": {
"primary_user.keyword": "AWBFyulcxxxxxxxx"
}
}
}
}
}
The following request will return with 0 hits.
GET users/user/_search
{
"query": {
"bool": {
"filter": {
"term": {
"primary_user": "AWBFyulcxxxxxxxx"
}
}
}
}
}
From the Dev tools autocomplete, I can see the ES regards the primary_user as text.
What am I missing?
Check the name of the index with the template index pattern: the template will be applied only to index with name matching the index pattern.
In addition templates are only applied at index creation time and changing a template will have no impact on existing indices: if you have updated the template, you have to create a new index (ord deleting and recreating an existing one) for viewing the changes in the mapping.
I have a document which looks like this:
{
"foo": {
"orgnr": "1"
},
"bar": {
"orgnr" : "2"
},
"created": "2015-02-12",
...
}
I have an API where a user can query for:
orgnr (required)
role (optional) - ANY by default ANY means must match at least one of bar.orgnr or foo.orgnr, but could also be role:BAR, and then it must match bar.orgnr:
created (optional)
query (optional)
Orgnr must match foo.orgnr OR bar.orgnr, and can then have a lot of other field and text queries. I match this doing a query string query. So for a request where orgnr is 1, the following query string would be generated:
(foo.orgnr:1 OR bar.orgnr:1) AND (rest of query)
Where rest of query can be for example
created:[2015-01-01 TO *]
created:[2015-01-01 TO *] AND *query*
But i'm not sure this is actually the correct way or doing this. Reading https://www.elastic.co/guide/en/elasticsearch/guide/current/_queries_and_filters.html makes me insecure.
I could also use a boolean match, with must for the orgnr.
With role:BAR the following query would be generated:
(bar.orgnr:1) AND (rest of query)
The most important here is that orgnr is actually matched towards foo OR bar orgnr.
Or should I use a filter for this instead?
A bool query in filter context is a fine way of doing it. The Should requires at least one clause to match.
POST _search
{
"query": {
"constant_score": {
"filter": {
"bool": {
"should": [
{
"term": {
"foo.orgnr": "1"
}
},
{
"term": {
"bar.orgnr": "1"
}
}
]
}
}
}
}
}
My data has a field localities which is an array of strings.
"localities": [
"Mayur Vihar Phase 1",
"Paschim Vihar",
"Rohini",
"",
"Laxmi Nagar",
"Vasant Vihar",
"Dwarka",
"Karol Bagh",
"Inderlok" ]
What query should I write to filter the documents by a specific locality such as "Rohini"?
A simple match query will be enough (if you don't know the mapping of your localities field).
POST <your index>/_search
{
"query": {
"match": {
"localities": "Rohini"
}
}
}
If the localities field is set as a string type and index as not_analyzed, the best way to query this is to use a term filter, wrapped in a filtered query (you can't use directly filters) :
POST <your index>/_search
{
"query": {
"filtered": {
"filter": {
"term": {
"localities": "Rohini"
}
}
}
}
}
If you doesn't need the score, the second solution is the way to go as filters doesn't compute score, are faster and cached.
Check the documentation for information about analysis which is a very important subject in ElasticSearch, heavily influencing the way you query.
POST /_search
{
"query": {
"match": {
"localities": "Rohini"
}
}
}
Or you can simply query:
GET /_search?q=localities:Rohini