I am trying to make an elasticsearch query where, I need to search for a time frame in the elasticsearch table. I have records which has startime and endtime. And from UI I am giving a starttime and endtime which is time windows for which I need to search files for. Assuming the time window of starttime and endtime in the records is smaller than the time window entered by user, I have created the following query:
{
"_source":["filename","starttime","endtime"],
"sort":[{
"starttime":{"order":"asc"}
}],
"query":{
"bool":{
"should":{
"bool":{
"must":[
"range":{
"starttime":{
"lte":1489602610000
}
},
"range":{
"endtime":{
"gte":1489602610000,
}
}
]
}
},
"should":{
"bool":{
"must":[
"range":{
"starttime":{
"gte":1489602610000
}
},
"range":{
"endtime":{
"lte":1489689000000
}
}
]
}
},
"should":{
"bool":{
"must":[
"range":{
"starttime":{
"lte":1489689000000
}
},
"range":{
"endtime":{
"gte":1489689000000
}
}
]
}
}
}
}
}
I am getting error
"Unexpected character (':' (code 58)): was expecting comma to separate
Array entries\n at [Source:
org.elasticsearch.transport.netty4.ByteBufStreamInput#29263f09; line:
11, column: 33]"
There are several issues with your query:
one dangling comma
more than one bool/should clauses
range queries not properly wrapped inside curly braces
You can find the correct query below:
{
"_source": [
"filename",
"starttime",
"endtime"
],
"sort": [
{
"starttime": {
"order": "asc"
}
}
],
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"range": {
"starttime": {
"lte": 1489602610000
}
}
},
{
"range": {
"endtime": {
"gte": 1489602610000
}
}
}
]
}
},
{
"bool": {
"must": [
{
"range": {
"starttime": {
"gte": 1489602610000
}
}
},
{
"range": {
"endtime": {
"lte": 1489689000000
}
}
}
]
}
},
{
"bool": {
"must": [
{
"range": {
"starttime": {
"lte": 1489689000000
}
}
},
{
"range": {
"endtime": {
"gte": 1489689000000
}
}
}
]
}
}
]
}
}
}
Related
I have some questions about nested query.
Here is my example. The mapping is {"user":"nested"}.The exist data just like this:
{
"user": [
{
"first":"John",
"last":"Smith"
},
{
"first":"Alice",
"last":"White"
}
]
}
How do I create a query to find this document that meets all the conditions:
the first object of user that its "first" is "John" and "last" is "Smith";
the second object of user that its "first" is "Alice" and "last" is "White"
Try with below query :
{
"query":{
"bool":{
"filter":[
{
"bool":{
"must":[
{
"bool":{
"must":[
{
"nested":{
"query":{
"bool":{
"must":[
{
"match_phrase":{
"user.first":{
"query":"John"
}
}
},
{
"match_phrase":{
"user.last":{
"query":"Smith"
}
}
}
]
}
},
"path":"user"
}
},
{
"nested":{
"query":{
"bool":{
"must":[
{
"match_phrase":{
"user.first":{
"query":"Alice"
}
}
},
{
"match_phrase":{
"user.last":{
"query":"White"
}
}
}
]
}
},
"path":"user"
}
}
]
}
}
]
}
}
]
}
}
}
Below query is what you are looking for. You simply need to have two nested queries, one for each conditions you've mentioned, combined in a bool using must clause.
Note that I'm assuming that the fields user.first and user.last are of text type having standard analyzer
POST <your_index_name>
{
"query":{
"bool":{
"must":[
{
"nested":{
"path":"user",
"query":{
"bool":{
"must":[
{
"match":{
"user.first":"john"
}
},
{
"match":{
"user.last":"smith"
}
}
]
}
}
}
},
{
"nested":{
"path":"user",
"query":{
"bool":{
"must":[
{
"match":{
"user.first":"alice"
}
},
{
"match":{
"user.last":"white"
}
}
]
}
}
}
}
]
}
}
}
Hope this helps!
The answer is:
{
"query": {
"bool": {
"must": [
{
"has_parent": {
"parent_type": "doc",
"query": {
"bool": {
"must": [
{
"terms": {
"id": [
713
]
}
},
{
"range": {
"created": {
"lte": "now/d"
}
}
},
{
"range": {
"expires": {
"gte": "now/d"
}
}
}
]
}
}
}
},
{
"nested": {
"path": "prices",
"query": {
"bool": {
"filter": [
{
"term": {
"prices.id_prcknd": 167
}
}
]
}
}
}
},
{
"term": {
"doc_type": "item"
}
},
{
"bool": {
"should": [
{
"term": {
"have_prices": true
}
},
{
"term": {
"is_folder": true
}
}
]
}
}
],
"must_not": {
"exists": {
"field": "folder"
}
}
}
},
"sort": [
{
"is_folder": {
"order": "desc"
}
},
{
"title_low.order": {
"order": "asc"
}
}
],
"size": 1000
}
I'm trying to exclude duplicated documents which have the same slug parameters to do it I use aggs in ElasticSearch (version 2.4). I use - this query:
{
"fields":[
"id",
"score"],
"size":0,
"query":{
"function_score":{
"query":{
"bool":{
"should":[
{
"match":{
"main_headline.en":{
"query":"headline_for_search"
}
}
},
{
"match":{
"body.en":"body for search"
}
}],
"must_not":{
"term":{
"id":75333
}
},
"filter":[
{
"term":{
"status":3
}
},
[
{
"term":{
"sites":6
}
}]]
}
},
"functions":[
{
"gauss":{
"published_at":{
"scale":"140w",
"decay":0.3
}
}
}
]
},
"aggs":{
"postslug":{
"terms":{
"field":"slug",
"order":{
"top_score":"desc"
}
},
"aggs":{
"grouppost":{
"top_hits": {
"_source": {
"include": [
"id",
"slug",
]
},
"size" : 10
}
}
}
}
}
}
}
When I run it I get error
failed to parse search source. expected field name but got [START_OBJECT]
I can`t figure out where is a mistake.
Without section aggs all works fine (except present duplicates)
I see one issue which relates to the fact that in the source filtering section include should read includes. Also, the aggs section is not at the right location, you have it in the query section, and it should be at the top-level:
{
"fields": [
"id",
"score"
],
"size": 0,
"query": {
"function_score": {
"query": {
"bool": {
"should": [
{
"match": {
"main_headline.en": {
"query": "headline_for_search"
}
}
},
{
"match": {
"body.en": "body for search"
}
}
],
"must_not": {
"term": {
"id": 75333
}
},
"filter": [
{
"term": {
"status": 3
}
},
[
{
"term": {
"sites": 6
}
}
]
]
}
},
"functions": [
{
"gauss": {
"published_at": {
"scale": "140w",
"decay": 0.3
}
}
}
]
}
},
"aggs": {
"postslug": {
"terms": {
"field": "slug",
"order": {
"top_score": "desc"
}
},
"aggs": {
"grouppost": {
"top_hits": {
"_source": {
"includes": [
"id",
"slug"
]
},
"size": 10
}
}
}
}
}
}
I am trying to combine match query and range query but its not working properly.
GET file*/_search
{
"query":{
"bool":{
"should":[
{
"match":{
"message":"timeout"
}
},
{
"match":{
"message":"java.lang.IllegalStateException"
}
},
{
"range":{
"#timestamp":{
"gt":"now-1h",
"lte":"now",
"time_zone":"+01:00"
}
}
}
]
}
}
}
Date filter is not working properly here ,am i doing something wrong here?
Thanks
Replace }, with ], and add filter to query. For example:
{
"query": {
"bool": {
"should": [
{ "match":{ "message":"timeout" }},
{ "match":{ "message":"java.lang.IllegalStateException"}}
],
"filter": [
{ "range": { "#timestamp": { "gt": "now-15m", "lte": "now", "time_zone":"+01:00" }}}
]
}
}
}
I have the following document:
{
"blocked_availabilities": [
{
"start_time": "2016-05-26T19:30:00Z",
"end_time": "2016-05-26T20:30:00Z"
},
{
"start_time": "2017-05-26T16:00:00Z",
"end_time": "2017-05-26T17:00:00Z",
}
]
}
blocked_availabilities is a nested type in the mapping.
What I'm trying to do is match documents that do not overlap with a specified start and end time. I have the following query to do this (which doesn't work, of course):
{
"query":{
"bool":{
"filter":{
"nested":{
"path":"blocked_availabilities",
"query":{
"bool":{
"must_not":{
"bool":{
"must":[
{
"range":{
"blocked_availabilities.start_time":{
"from":null,
"include_lower":true,
"include_upper":true,
"to":"2016-05-26T20:00:00Z"
}
}
},
{
"range":{
"blocked_availabilities.end_time":{
"from":"2016-05-26T19:00:00Z",
"include_lower":true,
"include_upper":true,
"to":null
}
}
}
]
}
}
}
}
}
}
}
}
}
The problem seems to be that one of the nested documents doesn't match so the whole document is returned.
Is there a good way to do what I want? I expect this document to not be returned by my query since it overlaps with the first nested document.
One way to achieve this is to check it there is any nested object withing the overlapping period and do a must-not of the nested query.
This would end up matching on only documents which do not contain any blocked_availabilities overlapping in the desired time period.
Example:
Setup Index
put test
put test/test/_mapping
{
"properties": {
"blocked_availabilities": {
"type": "nested",
"properties": {
"start_time": {
"type": "date"
},
"end_time": {
"type": "date"
}
}
}
}
}
}
put test/test/1
{
"blocked_availabilities": [
{
"start_time": "2016-05-26T19:30:00Z",
"end_time": "2016-05-26T20:30:00Z"
},
{
"start_time": "2017-05-26T16:00:00Z",
"end_time": "2017-05-26T17:00:00Z"
}
]
}
Query:
put test/test/_search
{
"query": {
"bool": {
"must_not": [
{
"nested": {
"path": "blocked_availabilities",
"query": {
"bool": {
"should": [
{
"range": {
"blocked_availabilities.end_time": {
"lte": "2016-05-26T20:00:00Z",
"gte": "2016-05-26T19:00:00Z"
}
}
},
{
"range": {
"blocked_availabilities.start_time": {
"lte": "2016-05-26T20:00:00Z",
"gte": "2016-05-26T19:00:00Z"
}
}
}
]
}
}
}
}
]
}
}
}
You're trying to make not ((start > s) and (end < e)). Why not simply make (start > e) or (end < s)? Looks it should work if data is consistent.
I'm building up the following search in code, the idea being that it filters down the set of matches then queries this so I can add score based on certain fields. For some reason the filter part works but whatever I put in the query (i.e. in the below I have no index sdfsdfsdf) it still returns anything matching the filter.
Is the syntax wrong?
{
"query":{
"filtered":{
"query":{
"bool":{
"must":{
"match":{
"sdfsdfsdf":{
"query":"4",
"boost":2.0
}
}
}
},
"filter":{
"bool":{
"must":[
{
"terms":{
"_id":[
"55f93ead5df34f1900abc20b",
"55f8ab0226ec4bb216d7c938",
"55dc4e949dcf833308c63d6b"
]
}
},
{
"range":{
"published_date":{
"lte":"now"
}
}
}
],
"must_not":{
"terms":{
"_id":[
"55f0a799acccc28204a5058c"
]
}
}
}
}
}
}
}
}
Your filter is not at the right level. It should not be inside query but at the same level as query like this:
{
"query": {
"filtered": {
"query": { <--- query and filter at the same level
"bool": {
"must": {
"match": {
"sdfsdfsdf": {
"query": "4",
"boost": 2
}
}
}
}
},
"filter": { <--- query and filter at the same level
"bool": {
"must": [
{
"terms": {
"_id": [
"55f93ead5df34f1900abc20b",
"55f8ab0226ec4bb216d7c938",
"55dc4e949dcf833308c63d6b"
]
}
},
{
"range": {
"published_date": {
"lte": "now"
}
}
}
],
"must_not": {
"terms": {
"_id": [
"55f0a799acccc28204a5058c"
]
}
}
}
}
}
}
}
You need to replace sdfsdfsdf with your existing field name in your type, e.g. title, otherwise I think it will fallback to match_all query.
"match":{
"title":{
"query": "some text here",
"boost":2.0
}
}