I have read the Elasticsearch documentation. I also took a course. My questions is was how do I write one query to handle all my tasks? I learn by example. The documentation doesn't have many examples. I wrote what I think may be how I accomplish this task but I'm not sure i'm doing this correctly.
The ... is where i would put a match query of some sort
{
"query": {
"bool": {
"should": [
{
"bool": {
"must": {
...
},
"should": {
...
}
}
},
{
"bool": {
"query_string": {
...
}
}
},
{
"bool": {
...
}
},
{
"bool": {
"must": {
...
},
"should": {
...
}
}
}
],
"minimum_should_match": 1
}
}
}
Is this how i would do it?
The bool query contain array of [must, filter, should, mustnot] so you don't have to put another bool on it. Inside each of them you can write another bool query of course.
As you add a minimum_should_match, you right, you have to put it just after the should part. Your query has to look like :
{
"query": {
"bool": {
"should": [
{ "query_string" : ... },
{ "terms" : ... },
{ "bool" : ... },
{ "bool" : {
"must": [
{"query_string": ... },
{"bool": ....}
]
}
}
],
"minimum_should_match": 1
}
}
}
You have a good example here:
https://www.compose.com/articles/elasticsearch-query-time-strategies-and-techniques-for-relevance-part-i/
https://hdmetor.github.io/how-to-combine-queries-in-es/
Related
I have already various queries that collect data and show it in the Kibana dashboard.
Now I would like to get unique values from my result data. How can I write the query DSL for that.
Basically I would like to get unique value for the field contextMap.connectionid. Is there a way do achieve that using something similar to this example?
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "app",
"query": {
"bool": {
"must": [
{
"match": {
"app.key": "contextMap.connectionid"
}
}
]
}
}
}
}
]
}
}
}
You can calculate distinct count with the help of aggregation .
So, your search query is :
Search Query :
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "app",
"query": {
"bool": {
"must": [
{
"match": {
"app.key": "contextMap.connectionid"
}
}
]
}
}
}
}
]
}
},
"aggs": {
"uniqueconnectionId": {
"terms": {
"field": "contextMap.connectionid.keyword"
}
}
}
}
You can refer here for calculating distinct values of a field https://discuss.elastic.co/t/get-distinct-values-from-a-field-in-elasticsearch/99783
I would like to make an or search between two different condition trees-
{
"query": {
"bool": {
"should": [
{ "bool": { ... } },
{ "bool": { ... } }
]
}
}
}
And it would be helpful to know of the found documents, which of the two conditions (or both) were matched that resulted in this document match.
Is this possible?
You can use the explain parameter to show how the score was computed. This shows the score for each hit, so it will give the fields that matched and the score.
{
"explain": true,
"query": {
"bool": {
"should": [
{ "bool": { ... } },
{ "bool": { ... } }
]
}
}
}
Thank you #Tim and #Val. I was looking for named_queries.
{
"query": {
"bool": {
"should": [
{ "bool": { "_name": "x", "must": [ ... ] } },
{ "bool": { "_name": "y", "must": [ ... ] } },
]
}
}
}
The following documents should be found:
matches query 'my text' AND (has not field OR field with value)
I have tried the following:
GET /myIndex/_search
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "my text"
}
},
{
}
],
"filter": {
"bool": {
"must_not": {
"exists": {
"field": "myField"
}
},
"must": {
"terms": {
"myField": [
"myValue"
]
}
}
}
}
}
}
}
It should (but does not) work liek that:
bool combine via OR must and filter parts
first must select by query
filter uses bool which combines by OR must andmust_not`
But this behaves like must combined with must_not via AND clause. E.g. when I removed "must" or "must_not" query works.
How change query to combine "must" with "must_not" via OR clause?
Elasticsearch version is 5.3.2
You need an extra bool filter between the must and must_not terms.
You should also think about your myField field. If it is defined as text or as keyword.
Tested with elasticsearch 5.6.1 the following query works:
{
"query": {
"bool": {
"must": [{
"query_string": {
"query": "this is a text content"
}
}],
"filter": {
"bool": {
"should" : [{
"bool" : {
"must_not": {
"exists": {
"field": "myField"
}
}
}
},
{
"bool" : {
"must": {
"terms": {
"myField.keyword": ["my field exists and has a value"]
}
}
}
}]
}
}
}
}
}
On Elasticsearch 7.X, you can simply do:
{
"query": {
"bool": {
"must": [
{"match": {"field1": {"query": "Hero"}}}
],
"must_not": [
{"terms":{"field3":["Batman"]}},
]
}
}
}
I have a simple JSON query for Elasticsearch that looks like this:
"query": {
"bool": {
"must": { "match": { "id": "1" }} ,
"must": { "match": { "tags.name": "a1"}}
}
}
How can I execute the second 'must' criteria ONLY if the value ('a1' in this case) is not empty?
You can achieve it using the following -
{
"query": {
"bool": {
"must": [
{
"match": {
"id": "1"
}
},
{
"bool": {
"should": [
{
"missing": {
"field": "tags.name"
}
},
{
"match": {
"tags.name": "a1"
}
}
]
}
}
]
}
}
}
I don't think "missing" can be used in the latest versions of elasticsearch.
But one can use Conditional Clauses instead.
https://www.elastic.co/guide/en/elasticsearch/reference/6.3/search-template.html#_conditional_clauses
I have a little confusion about the usage SHOULD and MUST in bool queries. When you have several filters in SHOULD and MUST clauses, can they be place at the same level or they should be nested?
Below is a simplified version of my data and the two queries that I tested, first one failing and the latter working. In real practice, I have many filters in MUST and SHOULD.
I start to believe that if one wants to combine several SHOULD and MUST filters, the outer one must always be SHOULD. Is this a correct assumption? And in case I wanted to use a MUST_NOT, where should it be placed in this context?
My data:
_index,_type,_id,_score,_source.id,_source.type,_source.valueType,_source.sentence,_source.location
"test","var","0","1","0","study","text","Lorem text is jumbled","spain"
"test","var","1","1","1","study","text","bla bla bla","spain"
"test","var","2","1","2","schema","decimal","ipsum","germany"
"test","var","3","1","3","study","integer","lorem","france"
Here is the failing query:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": {
"terms": {
"location": [
"germany"
]
}
},
"should": {
"terms": {
"valueType": [
"integer"
]
}
}
}
}
}
}
}
Here is my WORKING query returning IDs 2 and 3:
{
"query": {
"bool": {
"should": [
{
"terms": {
"location": [
"germany"
]
}
},
{
"bool": {
"must": [
{
"terms": {
"valueType": [
"integer"
]
}
}
]
}
}
]
}
}
}
Many thanks.
First need to understand meaning of filters.
Compound Filter:
must clauses are required (and)
should clauses are optional (or)
So in first block you are checking term in must(and). So this term must be in result set. and should(or) cond 2 may or may not in result set.
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": {
....... Cond 1
},
"should": {
....... Cond 2
}
}
}
}
}
}
In your working scenario you are query working because should checking Cond 1 OR Cond 2.
{
"query": {
"bool": {
"should": [ // OR
{
...... Cond 1
},
{
...... Cond 2
}
]
}
}
}