How can I delete services in Elastic APM? - elasticsearch

I'm trying out Elastic APM. I have successfully created a service with data flowing in. I wanted to see if I can have multiple services. Somehow, I ran into problems, so I wanted to delete some services. However, I couldn't find a way to delete a service.
Question : How can I delete a service in APM?
Further information
Indexes related to APM :
{
"_index": "apm-7.3.2-metric-000001",
"_type": "_doc",
"_id": "XgEhYm0BiAdOXLlDGc-r",
"_version": 1,
"_score": null,
"_source": {
"jvm": {
"memory": {
"non_heap": {
"committed": 87449600,
"max": -1,
"used": 66599704
},
"heap": {
"committed": 232783872,
"max": 2025848832,
"used": 170023936
}
},
"thread": {
"count": 63
},
"gc": {
"alloc": 632406344
}
},
"observer": {
"hostname": "localhost.localdomain",
"id": "d1aec10a-cc4e-44f4-9aed-acf57d107ab7",
"ephemeral_id": "ae48b040-f9f6-4144-a600-d402defaa44a",
"type": "apm-server",
"version": "7.3.2",
"version_major": 7
},
"agent": {
"name": "java",
"ephemeral_id": "66d5c439-271c-483d-a426-d0e569bede4a",
"version": "1.9.0"
},
"process": {
"pid": 16154,
"title": "/usr/lib/jvm/java-11-openjdk-11.0.1.13-3.el7_6.x86_64/bin/java",
"ppid": 1
},
"#timestamp": "2019-09-24T07:16:28.461Z",
"system": {
"process": {
"memory": {
"size": 6070763520
},
"cpu": {
"total": {
"norm": {
"pct": 0.001925814284518128
}
}
}
},
"memory": {
"actual": {
"free": 749580288
},
"total": 8102449152
},
"cpu": {
"total": {
"norm": {
"pct": 0.033324960227748474
}
}
}
},
"ecs": {
"version": "1.0.1"
},
"service": {
"name": "ldap1",
"runtime": {
"name": "Java",
"version": "11.0.1"
},
"language": {
"name": "Java",
"version": "11.0.1"
}
},
"host": {
"hostname": "localhost.localdomain",
"os": {
"platform": "Linux"
},
"ip": "127.0.0.1",
"architecture": "amd64"
},
"processor": {
"name": "metric",
"event": "metric"
}
},
"fields": {
"#timestamp": [
"2019-09-24T07:16:28.461Z"
]
},
"sort": [
1569309388461
]
}
Above contains the service that I want to remove.
"service": {
"name": "ldap1",
"runtime": {
"name": "Java",
"version": "11.0.1"
},

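You simply need to change your query to the one below. `_delete_by_query` removes every matching document in every index the `apm*` pattern resolves to, and the deletion cannot be undone short of restoring a snapshot, so first run the same query body against `GET apm*/_count` to confirm that only the `ldap1` documents are selected. Once the count looks right, run: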
POST apm*/_delete_by_query
{
"query": {
"term": {
"service.name": "ldap1"
}
}
}

The accepted answer no longer works; you can use the following instead:
POST /apm-*/_delete_by_query
{
"query": {
"bool": {
"must": [
{
"term": {
"service.name": {
"value": "my-application"
}
}
}
]
}
}
}

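Please try the request below. Note that the `.*apm*` pattern is broader than `apm-*`: it matches any dot-prefixed index (by convention hidden or system indices) whose name contains `apm`, so check which indices it resolves to, for example with `GET _cat/indices/.*apm*`, before running the delete: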
POST .*apm*/_delete_by_query
{
"query": {
"term": {
"service.name": {
"value": "web-test"
}
}
}
}
Refer to https://discuss.elastic.co/t/how-to-delete-amp-service/301908/3
Hope this helps!

Related

How to pass variable `ctx.payload.hits.total` of the 'hit' log into transform-script of webhook watcher?

I have the following webhook watcher, which works perfectly: it creates an OTRS ticket when the word "Error" appears in the logs.
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"*"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "Error"
}
},
{
"range": {
"#timestamp": {
"gte": "now-1m"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 1
}
}
},
"actions": {
"create_otrs": {
"transform": {
"script": {
"source": "return ['Ticket':['Queue':'Engineering Team','Priority':'P3','CustomerUser':'root','Title':'RESTCreateTest','State':'new','Type':'Incident'],'Article':['ContentType':'text/plain;charset=utf8','Subject':'RestCreateTest','Body':'This is only a test']]",
"lang": "painless"
}
},
"webhook": {
"scheme": "http",
"host": "myotrs.com",
"port": 80,
"method": "post",
"path": "/otrs/GenericTicketConnectorREST/User=<User>&Pass=<Password>",
},
"headers": {},
"body": "{{#toJson}}ctx.payload{{/toJson}}"
}
}
}
}
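However, right now the functionality is limited, as it creates the ticket with the fixed body "This is only a test". I want to pass the exact error message body of the log into the ticket body. How do I pass variables into the script body?
I have included one of the hits; it also shows the document I am trying to access. I need the "ctx.payload.hits.total" part of the document hit to be the body of the ticket.
(Separately from the question: as written, the webhook sends the OTRS user and password in the URL path over plain HTTP on port 80, so they cross the network unencrypted and can end up in proxy and web-server access logs; `"scheme": "https"` addresses the first problem.)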
{
"_index": ".ds-logs-elastic_agent.filebeat-default",
"_source": {
"input_source": "https://ser.example.com:80/export",
"agent": {
"name": "syslog01",
"id": "5836558b-b17d-445e",
"type": "filebeat",
"ephemeral_id": "36bdfeca-3c60",
"version": "8.3.3"
},
"service.name": "filebeat",
"log": {
"file": {
"path": "/opt/Elastic/Agent/data/elastic-agent-0ffbed/logs/default/filebeat-20230127-12.ndjson"
},
"offset": 248078415
},
"elastic_agent": {
"id": "5836558b-b17d",
"version": "8.3.3",
"snapshot": false
},
"message": """Error while processing http request: failed to execute rf.collectResponse: failed to execute http client.Do: failed to execute http client.Do: Post "https://ser.example.com:80/export": POST https://ser.example.com:80/export giving up after 6 attempts""",
"log.logger": "input.httpjson-cursor",
"input": {
"type": "filestream"
},
"log.origin": {
"file.line": 128,
"file.name": "httpjson/input.go"
},
"#timestamp": "2023-01-27T14:44:42.790Z",
"ecs": {
"version": "8.0.0"
},
"data_stream": {
"namespace": "default",
"type": "logs",
"dataset": "elastic_agent.filebeat"
},
"host": {
"hostname": "syslog01",
"os": {
"kernel": "3.10.25-gentoo",
"name": "Gentoo",
"type": "linux",
"family": "",
"version": "",
"platform": "gentoo"
},
"containerized": false,
"log.level": "error",
"input_url": "https://ser.example.com:8089/export",
"id": "httpjson-system.security-ba2ec41b-457b-442a",
"event": {
"agent_id_status": "verified",
"ingested": "2023-01-27T14:44:58Z",
"dataset": "elastic_agent.filebeat"
}
},
"_id": "pCWw84UB8FDLddfs",
"_score": 2.2840834
}
}

Elastic Watcher not returning results

I am trying to simulate a watch and see if the actions are triggering fine. But my problem is the search returns no results.
My query
Checks for a particular index.
Checks for a range
Check for the servicename field to be a particular value.
This is my watch definition
{
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"datasolutions-svc-*"
],
"body": {
"query": {
"bool": {
"filter": [
{
"term": {
"level": {
"value": "ERROR"
}
}
},
{
"term": {
"servicename": [
"Iit.Det.Urm.MepsSubscriber"
]
}
},
{
"range": {
"#timestamp": {
"gte": "now-60m"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"notify-slack": {
"slack": {
"account": "elastic_watcher_alerts",
"proxy": {
"host": "proxy.dom",
"port": 80
},
"message": {
"from": "Error Monitor",
"to": [
"#det-errors"
],
"text": "The following error(s) have been logged",
"dynamic_attachments": {
"list_path": "ctx.payload.items",
"attachment_template": {
"color": "#f00",
"title": "{{msg}}",
"title_link": "https://elastic.mid.dom:port/{{index}}/doc/{{id}}?pretty",
"text": "{{msg}}",
"fields": [
{
"title": "Server",
"value": "{{host}}",
"short": true
},
{
"title": "Servicename",
"value": "{{service}}",
"short": true
}
]
}
}
}
}
}
},
"transform": {
"script": {
"source": "['items': ctx.payload.hits.hits.collect(hit -> ['msg': hit._source.message, 'service': hit._source.servicename, 'index': hit._index, 'id' : hit._id, 'host': hit._source.agent.hostname ])]",
"lang": "painless"
}
}
}
I am trying to now test it by using the simulate option and giving it an input. This input is copied from actual data that is in the index. I copied a json document from kibana (in the discover section), so the alternate input json should be ok
Here's the alternative input
{
"_index": "datasolutions-svc-live-7.7.0-2021.01",
"_type": "doc",
"_id": "Hre9SHcB1QIqYEnyxSCw",
"_version": 1,
"_score": null,
"_source": {
"exception": "System.Data.SqlClient.SqlException (0x80131904): blabla",
"agent": {
"hostname": "SATSVC3-DK1",
"name": "datasolutions-svc-live",
"id": "8c826ae1-e411-4257-a31f-08824dd58b5a",
"type": "filebeat",
"ephemeral_id": "e355bf8a-be67-4ed1-85f4-b9043674700e",
"version": "7.7.0"
},
"log": {
"file": {
"path": "D:\\logs\\7DaysRetention\\Iit.Det.Urm.MepsSubscriber\\Iit.Det.Urm.MepsSubscriber.log.20210128.log"
},
"offset": 17754757
},
"level": "ERROR",
"message": "Error while starting service.",
"#timestamp": "2021-02-17T10:00:28.343Z",
"ecs": {
"version": "1.5.0"
},
"host": {
"name": "datasolutions-svc-live"
},
"servicename": "Iit.Det.Urm.MepsSubscriber",
"codelocation": "Iit.Det.Urm.MepsSubscriber.MepsSubscriberService.OnStart:29"
},
"fields": {
"#timestamp": [
"2021-02-17T10:00:28.343Z"
]
},
"highlight": {
"servicename": [
"#kibana-highlighted-field#Iit.Det.Urm.MepsSubscriber#/kibana-highlighted-field#"
]
},
"sort": [
1611833128343
]
}
But when I run "simulate", I get ctx.payload.hits.total as null, because apparently it does not find any results. Result of the simulation:
{
"watch_id": "_inlined_",
"node": "eMS-E34eT4-zZhGwtPNSmw",
"state": "execution_not_needed",
"user": "sum",
"status": {
"state": {
"active": true,
"timestamp": "2021-02-17T10:57:04.077Z"
},
"last_checked": "2021-02-17T10:57:04.077Z",
"actions": {
"notify-slack": {
"ack": {
"timestamp": "2021-02-17T10:57:04.077Z",
"state": "awaits_successful_execution"
}
}
},
"execution_state": "execution_not_needed",
"version": -1
},
"trigger_event": {
"type": "manual",
"triggered_time": "2021-02-17T10:57:04.077Z",
"manual": {
"schedule": {
"scheduled_time": "2021-02-17T10:57:04.077Z"
}
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"datasolutions-svc-*"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"filter": [
{
"term": {
"level": {
"value": "ERROR"
}
}
},
{
"term": {
"servicename": [
"Iit.Det.Urm.MepsSubscriber"
]
}
},
{
"range": {
"#timestamp": {
"gte": "now-60m"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"metadata": {
"name": "datasolutions-svc-mepssubscriber",
"xpack": {
"type": "json"
}
},
"result": {
"execution_time": "2021-02-17T10:57:04.077Z",
"execution_duration": 0,
"input": {
"type": "simple",
"status": "success",
"payload": {
"highlight": {
"servicename": [
"#kibana-highlighted-field#Iit.Det.Urm.MepsSubscriber#/kibana-highlighted-field#"
]
},
"_index": "datasolutions-svc-live-7.7.0-2021.01",
"_type": "doc",
"_source": {
"exception": "System.Data.SqlClient.SqlException (0x80131904): blabla",
"agent": {
"hostname": "SATSVC3-DK1",
"name": "datasolutions-svc-live",
"id": "8c826ae1-e411-4257-a31f-08824dd58b5a",
"type": "filebeat",
"ephemeral_id": "e355bf8a-be67-4ed1-85f4-b9043674700e",
"version": "7.7.0"
},
"#timestamp": "2021-02-17T10:00:28.343Z",
"ecs": {
"version": "1.5.0"
},
"log": {
"file": {
"path": "D:\\logs\\7DaysRetention\\Iit.Det.Urm.MepsSubscriber\\Iit.Det.Urm.MepsSubscriber.log.20210128.log"
},
"offset": 17754757
},
"level": "ERROR",
"host": {
"name": "datasolutions-svc-live"
},
"servicename": "Iit.Det.Urm.MepsSubscriber",
"message": "Error while starting service.",
"codelocation": "Iit.Det.Urm.MepsSubscriber.MepsSubscriberService.OnStart:29"
},
"_id": "Hre9SHcB1QIqYEnyxSCw",
"sort": [
1611833128343
],
"_score": null,
"fields": {
"#timestamp": [
"2021-02-17T10:00:28.343Z"
]
},
"_version": 1
}
},
"condition": {
"type": "compare",
"status": "success",
"met": false,
"compare": {
"resolved_values": {
"ctx.payload.hits.total": null
}
}
},
"actions": []
},
"messages": []
}
I am not sure why it can't find the results. Can someone tell me what I am doing wrong?
I was able to solve it using the "inspect" section of discover page of the index.
Finally my input for the watcher query had to be changed to
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"datasolutions-svc-*"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"servicename": "Iit.Det.Urm.MepsSubscriber"
}
}
],
"minimum_should_match": 1
}
},
{
"match_phrase": {
"level": "ERROR"
}
},
{
"range": {
"#timestamp": {
"gte": "now-10m",
"format": "strict_date_optional_time"
}
}
}
],
"should": [],
"must_not": []
}
}
}
}
}
}

Elastic Search Aggregation and Complex Query

I have created the index
PUT ten2
{
"mappings": {
"documents": {
"properties": {
"title": {
"type": "text",
"fields": {
"raw": {
"type": "keyword"
}
}
},"uid": {
"type": "text",
"fields": {
"raw": {
"type": "keyword"
}
}
},
"publish_details": {
"type": "nested",
"properties": {
"environment": {
"type": "keyword"
},
"locale": {
"type": "keyword"
},
"time": {
"type": "date"
},
"version": {
"type": "integer"
}
}
}
}
}
}
}
and added documents into it. here is the list of documents:
[{
"_index": "ten2",
"_type": "documents",
"_id": "blt69b62b48bbed1fb6_en-us",
"_source": {
"publish_details": [{
"environment": "blt603fe91adbdcff66",
"time": "2020-06-24T12:11:25.276Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
},
{
"environment": "blt603fe91adbdcff66",
"time": "2020-06-24T12:11:25.276Z",
"locale": "hi-in",
"user": "bltaadab2f531206e9d",
"version": 1
}
],
"title": "Entry 1",
"uid": "blt69b62b48bbed1fb6"
}
},
{
"_index": "ten2",
"_type": "documents",
"_id": "blt69b62b48bbed1fb6_mr-in",
"_source": {
"publish_details": [{
"environment": "blt603fe91adbdcff66",
"time": "2020-06-24T12:12:35.467Z",
"locale": "mr-in",
"user": "bltaadab2f531206e9d",
"version": 1
}],
"title": "Entry 3",
"uid": "blt69b62b48bbed1fb6"
}
},
{
"_index": "ten2",
"_type": "documents",
"_id": "blt4044c5198122a3ed_en-us",
"_source": {
"publish_details": [{
"environment": "blt603fe91adbdcff66",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
},{
"environment": "blt603fe91adbdcff6690",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
}],
"title": "Entry 10",
"uid": "blt4044c5198122a3ed"
}
}
]
and I want the following result
[
{
"_index": "ten2",
"_type": "documents",
"_id": "blt4044c5198122a3ed_en-us",
"_source": {
"publish_details": [{
"environment": "blt603fe91adbdcff66",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
},{
"environment": "blt603fe91adbdcff6690",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
}],
"title": "Entry 10",
"uid": "blt4044c5198122a3ed"
}
}
]
I am using the following query to get the result
GET ten2/_search
{
"query": {
"bool": {
"must": [{
"bool": {
"must_not": [{
"bool": {
"must": [{
"nested": {
"path": "publish_details",
"query": {
"term": {
"publish_details.environment": "blt603fe91adbdcff66"
}
}
}
}, {
"nested": {
"path": "publish_details",
"query": {
"term": {
"publish_details.locale": "en-us"
}
}
}
}, {
"nested": {
"path": "publish_details",
"query": {
"term": {
"publish_details.locale": "hi-in"
}
}
}
}, {
"nested": {
"path": "publish_details",
"query": {
"term": {
"publish_details.locale": "mr-in"
}
}
}
}]
}
}]
}
}
}
}
}
Kindly help me with a query to get the expected result. The first two documents have the same uid; only publish_details.locale is different. I am using a must query within must_not to get the result; currently I am getting all three documents, but I want only the last one. I have a million documents.
To know more about Bool queries refer to this official documentation
Adding a working example with your mapping, index data, and with the search query
Search Query:
{
"query": {
"nested": {
"path": "publish_details",
"query": {
"bool": {
"must": [
{
"match": {
"publish_details.locale": "en-us"
}
}
],
"must_not": [
{
"match": {
"publish_details.environment": "blt603fe91adbdcff66"
}
},
{
"match": {
"publish_details.locale": "hi-in"
}
},
{
"match": {
"publish_details.locale": "mr-in"
}
}
]
}
},
"inner_hits": {
}
}
}
}
Search Result :
"hits": [
{
"_index": "test",
"_type": "_doc",
"_id": "3",
"_score": 0.53899646,
"_source": {
"publish_details": [
{
"environment": "blt603fe91adbdcff66",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
},
{
"environment": "blt603fe91adbdcff6690",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
}
],
"title": "Entry 10",
"uid": "blt4044c5198122a3ed"
},
"inner_hits": {
"publish_details": {
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 0.53899646,
"hits": [
{
"_index": "test",
"_type": "_doc",
"_id": "3",
"_nested": {
"field": "publish_details",
"offset": 1
},
"_score": 0.53899646,
"_source": {
"environment": "blt603fe91adbdcff6690",
"time": "2020-06-24T12:10:46.430Z",
"locale": "en-us",
"user": "bltaadab2f531206e9d",
"version": 1
}
}
]
}
}
}
}
]
To know more about inner hits refer to this documentation
The above query returns only the third document, which satisfies the conditions of the search query. In the inner hits, only one part of the third document is returned; the part that matches blt603fe91adbdcff66 is discarded.

Query only those documents where image field is not empty

I have the following mapping **(dynamic strict on the type)**
"created": {
"type": "date"
},
"images": {
"properties": {
"checksum": {
"type": "text",
"index": false
},
"path": {
"type": "text",
"index": false
},
"url": {
"type": "text",
"index": false
}
}
},
I want to query for documents in which an image is present.
I tried a couple of combinations, but no luck so far.
This is the last thing I tried:
POST catalog/_search
{
"query": {
"script": {
"script": "doc['images'].values.length > 0"
}
}
}
POST catalog/_search
{
"query": {
"script": {
"script": "doc['images.url'].values.length > 0"
}
}
}
But here it says that fielddata is not set to true for text fields. Is there any way I can do this without changing my mapping?
Ideally, this should give me all the records where there are no images, but it is returning all records:
POST catalog/_search
{
"query": {
"bool": {
"must_not": [
{
"exists": {
"field": "images"
}
}
]
}
}
}
Here is the example document in which there is a image.
{
"_index": "catalog-2018-03-03",
"_type": "product",
"_id": "151755703145e27e4983a0bd1b70be44",
"_score": 1,
"_source": {
"merchant": {
"link": "http://shophive.com/",
"name": "shophive"
},
"images": [],
"updated": "2018-03-18T13:06:33.583480",
"name": "Plantronics Savi Talk",
"created": "2018-03-18T13:06:33.583459",
"url": "http://www.shophive.com/plantronics-savi-talk",
"price": {
"new": 24999,
"old": 24999,
"discount_percent": 0
},
"category": {
"level_1": {
"url": "computers/tablets/networking",
"name": "Computers/Tablets & Networking "
},
"level_2": {
"url": "tablets/ebook-readers",
"name": "Tablets & eBook Readers"
}
}
}
}
Updated
With the below query I am expecting that elasticsearch would return the documents in which image is missing
POST catalog/product/_search
{
"query": {
"bool": {
"must_not": [
{
"exists": {
"field": "images"
}
}
]
}
}
}
But the result i receive is all the documents in my index and apparently every document has one image. Here is the example document i get with above query
{
"took": 1,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 20967,
"max_score": 1,
"hits": [
{
"_index": "catalog-2018-03-03",
"_type": "product",
"_id": "151755703145e27e4983a0bd1b70be44",
"_score": 1,
"_source": {
"merchant": {
"link": "http://shophive.com/",
"name": "shophive"
},
"images": [
{
"url": "http://www.shophive.com/media/catalog/product/cache/1/small_image/165x/9df78eab33525d08d6e5fb8d27136e95/p/l/plantronics_savi_talk.jpg",
"path": "full/8e3587bd2b6107f0beafa9b1ba05f476539be0a8.jpg",
"checksum": "fa74ade23c8e80e9590d48d4e59b6b64"
}
],
"updated": "2018-03-18T13:06:33.583480",
"name": "Plantronics Savi Talk",
"created": "2018-03-18T13:06:33.583459",
"url": "http://www.shophive.com/plantronics-savi-talk",
"price": {
"new": 24999,
"old": 24999,
"discount_percent": 0
},
"category": {
"level_1": {
"url": "computers/tablets/networking",
"name": "Computers/Tablets & Networking "
},
"level_2": {
"url": "tablets/ebook-readers",
"name": "Tablets & eBook Readers"
}
}
}
}
}
}
You should leave out the square brackets in the query, as you only have one clause:
POST /catalog/_search
{
"query": {
"bool": {
"must_not": {
"exists": {
"field": "images"
}
}
}
}
}
This returns the docs without images for me. If you need only those that have images, use:
POST /catalog/_search
{
"query": {
"exists": {
"field": "images"
}
}
}

How to get by ids and filter nested data to leave only objects filtered by category?

How to get by ids and filter notes to leave only given category?
Data:
POST c1_2/Blog/1
{
"post": {
"notes": {
"main": [
{
"message": "blablabla",
"category": "test"
},
{
"message": "blablabla",
"category": "other"
}
],
"cart": [
{
"message": "blablabla",
"category": "test"
},
{
"message": "blablabla",
"category": "other"
}
]
}
}
}
POST c1_2/Blog/2
{
"post": {
"notes": {
"main": [
{
"message": "blablabla",
"category": "second"
},
{
"message": "blablabla",
"category": "third"
}
],
"cart": [
{
"message": "blablabla",
"category": "test"
},
{
"message": "blablabla",
"category": "other"
}
]
}
}
}
Search:
POST c1_2/Blog/_search
{
"query": {
"bool": {
"must": [
{
"ids": {
"values": [
1,
2,
3
]
}
},
{
"terms": {
"post.notes.main.category": [
"test"
]
}
}
]
}
}
}
Current results, objects in notes main/cart aren't filtered by category:
{
"took": 9,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 1.0122644,
"hits": [
{
"_index": "c1_2",
"_type": "Blog",
"_id": "1",
"_score": 1.0122644,
"_source": {
"post": {
"notes": {
"main": [
{
"message": "blablabla",
"category": "test"
},
{
"message": "blablabla",
"category": "other"
}
],
"cart": [
{
"message": "blablabla",
"category": "test"
},
{
"message": "blablabla",
"category": "other"
}
]
}
}
}
}
]
}
}
Desired effect:
"notes": {
"main": [
{
"message": "blablabla",
"category": "test"
}
],
"cart": [
{
"message": "blablabla",
"category": "test"
}
]
}
In my real app, the query is embedded in "filtered" and "filter". If I put the query above in place of the "ids" filter in the example below, will it return the same data?
POST c1_2/Blog/_search
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"ids": {
"values": [
"1",
"2"
]
}
}
}
}
}
Mapping:
{
"posts": {
"mappings": {
"posts": {
"dynamic_templates": [{
"blog": {
"mapping": {
"index": "analyzed"
},
"path_match": "blog.*",
"path_unmatch": "*.medias.*"
}
}, {
"ids": {
"mapping": {
"index": "not_analyzed",
"type": "string"
},
"match": "_id|base_id",
"match_pattern": "regex"
}
}],
"_all": {
"enabled": false
},
"properties": {
"query": {
"properties": {
"filtered": {
"properties": {
"filter": {
"properties": {
"ids": {
"properties": {
"values": {
"type": "string"
}
}
}
}
},
"query": {
"properties": {
"match_all": {
"type": "object"
}
}
}
}
},
"match_all": {
"type": "object"
}
}
},
"source": {
"dynamic": "true",
"properties": {
"post": {
"dynamic": "true",
"properties": {
"_id": {
"type": "string",
"index": "not_analyzed"
},
"base_id": {
"type": "string",
"index": "not_analyzed"
}
}
}
}
},
"blog": {
"properties": {
"post": {
"properties": {
"_id": {
"type": "string"
},
"notes": {
"properties": {
"main": {
"properties": {
"id": {
"type": "string"
},
"message": {
"type": "string"
},
"category": {
"type": "string"
}
}
},
"cart": {
"properties": {
"id": {
"type": "string"
},
"message": {
"type": "string"
},
"category": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
}
}
}
}
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": {
"terms": {
"_id": [1, 2]
}
},
"must_not": {
"terms": {
"post.notes.main.category": [
"other"
]
}
}
}
}
}
}
}
