I'm trying the below format but it is returning an empty dictionary.
result_dict = es.search(index="comp*", body={"from": 0, "size": 10000,"query": {
"constant_score" : {
"filter" : {
"bool" : {
"must" : [
{ "term" : { "tags" :"prod" } },
{"term" :{ "severity" :"INFO" }}
{"term" :{ "service" :"abc-service" }}
]
}
}
}
} )
Related
I've a problem to understand the functionality of the following Elasticsearch (ES 6.4) query:
{
"query" : {
"bool" : {
"should" : [
{
"match" : {
"title" : {
"query" : "example",
"operator" : "AND",
"boost" : 2
}
}
},
{
"multi_match" : {
"type" : "best_fields",
"query" : "example",
"operator" : "AND",
"fields" : [
"author", "content", "tags"
],
"boost" : 1
}
}
],
"must" : [
{
"range" : {
"dateCreate" : {
"gte" : "2000-01-01T00:00:00+0200",
"lte" : "2019-02-12T23:59:59+0200"
}
}
},
{
"term" : {
"client" : {
"value" : "test",
"boost" : 1
}
}
}
]
}
},
"size" : 10,
"from" : 0,
"sort" : [
{
"_score" : {
"order" : "desc"
}
}
]
}
The query is executed successfully but retrieves about 400,000 documents which is the total count of my index. It means that all documents are in the result set. But why? Is this really the correct behavior of the multi_match query?
When I was still using the query_string query, I only got the actual matching documents. That's why I'm a bit surprised.
You're missing minimum_should_match:
"bool" : {
"minimum_should_match": 1, <--- add this
"should" : [
...
How can I search for documents that have all of the specified tags in the following query? I tried minimum_should_match and "execution": "and", but none of them is supported in my query.
GET products/fashion/_search
{
"query": {
"constant_score": {
"filter" : {
"bool" : {
"must" : [
{"terms" : {
"tags" : ["gucci", "dresses"]
}},
{"range" : {
"price.value" : {
"gte" : 100,
"lt" : 1000
}
}}
]
}
}
}
},
"sort": { "date": { "order": "desc" }}
}
====== UPDATE
I found a way to build my queries. The task was to reproduce the following mongodb query in the elasticsearch:
{
"tags": {
"$all":["gucci","dresses"]
},
"price.value":{"$gte":100,"$lte":1000}
}
And here is my elasticsearch query
GET products/fashion/_search
{
"query": {
"bool" : {
"filter" : [
{"term" : {
"tags" : "gucci"
}},
{"term" : {
"tags" : "dresses"
}},
{"range" : {
"price.value" : {
"gte" : 100,
"lt" : 1000
}
}}
]
}
}
}
Do you have a mapping defined for your index? By default, Elasticsearch will analyze string fields. If you want to find exact terms like you are above, you need to specify them as not_analyzed in the mapping.
https://www.elastic.co/guide/en/elasticsearch/guide/current/_finding_exact_values.html#_term_filter_with_text
below query is fetching result if i give existing record that is fine , but if i change name field from 'John' to 'John1' then still record is fetching.
{
"query" : {
"bool" : {
"must" : [
{ "match" : {"employeeId" : "1234"}},
{ "match" : {"name" : "John"}}
]
}
}
}
I tried another alternative query as well but still giving result.which query is correct in terms of performance?but both are giving results if i change name record from 'John' to 'John1'
{
"filter": {
"bool" : {
"must" : {
"term" : {
"employeeId" : "1234"
}
}
}
},
"query": {
"match" : {
"name" : {
"query" : "John",
"type" : "phrase"
}
}
}
}
This because you are doing match, if you want do exact search you need to use filter
Notice we assuce the mapping of name column is analyzed
{
"query" :{
"filtered" : {
"filter" : {
"bool" : {
"must" : [
{ "term" : {"employeeId" : "1234"}},
{ "term" : {"name" : "john"}}
]
}
}
}
}
}
I'm trying to create a query/filter that matches a document only if a number of conditions are met on the same item of an array.
Let's say this is the document:
{
arr: [
{ "f1" : "a" , f2 : true },
{ "f1" : "b" , f2 : false}
]
}
I want to be able to retrieve documents that have N conditions matching on the same element. For example: arr.f1 == "a" AND arr.f2 == true should match the document but arr.f1 == "b" AND arr.f2 == true should not.
I'm trying nested bool filters (I have other filters apart from this one) but it doesn't work, something in the lines of
"bool" : {
"must": [
{ some other filter },
{"bool": {"must" : [
{"term" : {"arr.f1" : "a"}},
{"term" : {"arr.f2" : true}},
] }}
]
}
Any idea how to do that?
thanks
edit:
I changed the mapping and now a nested query works as per Val's response. I'm now not able to do an "exists" filter on the nested field:
A simple { "filter" : {"exists" : { "field" : "arr" } } } search returns no hits. How do I do that?
edit: It looks like I need to do a nested exists filter to check that a field inside the nested object exists.
something like:
"filter" : {
"nested" : {"path" : "arr", "filter" : {"exists" : { "field" : "f1" } }}
}
edit:
argh - now highlight doesn't work anymore:
"highlight" : {
"fields" : [
{"arr.f1" : {}},
]
}
Worked around that by adding include_in_parent : true and querying both the nested field and the root object. It's just awful. If anyone has a better idea, they're more than welcome!
{
"query" : {
"bool" : {
"must": [
{"term" : { "arr.f1" : "a" }},
{ "nested" : { "path" : "arr",
"query" : { "bool" : { "must" : [
{"term" : { "arr.f1" : "a" }},
{"term" : { "arr.f2" : true }}
] } }
}}
]
}
},
"highlight" : {
"fields" : [
{"arr.f1" : {}},
]
}
}
In case you're wondering: it's legacy stuff. I can't reindex right now (that would be the obvious solution) and I need a quick & dirty workaround
You need to set the type of your arr field as nested like this:
{
"your_type": {
"properties": {
"arr": {
"type": "nested",
"properties": {
"f1": {"type":"string"},
"f2": {"type":"boolean"}
}
}
}
}
}
Then you need to use a nested query:
{
"nested" : {
"path" : "arr",
"query" : {
"bool" : {
"must" : [
{
"term" : {"arr.f1" : "a"}
},
{
"term" : {"arr.f2" : true}
}
]
}
}
}
}
Your exists filter needs to specify the full field path
"filter" : {
"nested" : {"path" : "arr", "filter" : {"exists" : { "field" : "arr.f1" } }}
}
I need to modify this query so that elastic search does not give it a score. I want my custom filter score to be the only thing giving any result a score. How do I accomplish this?
Each record should only every have a score of 0, 100, or 1000.
{
"size":50,
"from":0,
"query" : {
"custom_filters_score" : {
"query" : {
"filtered" : {
"query" : {
"bool" : {
"must" : [
{"term":{"type":"alpha"}},
{"field":{"sector":"exists"}},
{"field":{"sector.sub":"exists"}},
{"field":{"alpha_sector.sub.categories":"second"}},
{"field":{"beta_sector.sub.columns":"first"}},
{"term":{"beta_type":"beta"}},
{"term":{"area":"624"}}
]
}
},
"filter" : {
"or" : [
{
"and" : [
{"term":{"area":"624"}},
{"term":{"start":"07242013"}}
]
},
{
"and" : [
{"term":{"area":"624"}},
{"term":{"start":"blank"}}
]
}
]
}
}
},
"filters" : [
{"filter":{"term":{"resource":5726}}, "boost":"1000"},
{"filter":{"term":{"alpha_resource":5726}}, "boost":"100"}
],
"score_mode":"sum"
}
}
}
I am not quite sure what you are trying to achieve here
{"field":{"sector":"exists"}},
{"field":{"sector.sub":"exists"}},
but in general, if you don't want part of your query to affect the score, just make it a filter. It's also will be better to use "bool" with "term" filters instead of "and"/"or"/"not"
{
"size":50,
"from":0,
"query" : {
"custom_filters_score" : {
"query" : {
"filtered" : {
"query" : {
"match_all": {}
},
"filter" : {
"bool" : {
"must" : [
{"term":{"type":"alpha"}},
{"query":{"field":{"sector":"exists"}}},
{"query":{"field":{"sector.sub":"exists"}}},
{"query":{"field":{"alpha_sector.sub.categories":"second"}}},
{"query":{"field":{"beta_sector.sub.columns":"first"}}},
{"term":{"beta_type":"beta"}},
{"term":{"area":"624"}}
],
"should" : [
{
"bool" : {
"must" : [
{"term":{"area":"624"}},
{"term":{"start":"07242013"}}
]
}
},
{
"bool" : {
"must": [
{"term":{"area":"624"}},
{"term":{"start":"blank"}}
]
}
}
]
}
}
}
},
"filters" : [
{"filter":{"term":{"resource":5726}}, "boost":"1000"},
{"filter":{"term":{"alpha_resource":5726}}, "boost":"100"}
],
"score_mode":"total"
}
}
}