ElasticSearch - How to sort by "date_range" - elasticsearch

Is it possible to sort by a "date_range" field in Elasticsearch?
If yes, how?
My Elasticsearch version: 6.3.0
You can find my examples below.
I want to sort by "dater"
Thanks,
Mapping:
PUT testindex
{
"mappings": {
"datetest": {
"properties": {
"created": {
"type": "date"
},
"id": {
"type": "keyword"
},
"Name": {
"type": "keyword"
},
"dater": {
"type": "date_range"
}
}
}
}
}
query:
GET /testindex/_search
{
"query": {
"match_all": {}
},
"sort": [
{
"dater": {
"order": "desc"
}
}
]
}
result:
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "Fielddata is not supported on field [dater] of type [date_range]"
}
]
}

Related

ElasticSearch field for sort index and wildcard query

I have an ID field which is a UUID that I want to use as unique sort (because created_at is not unique) and wildcard query.
For example, searching b85f9fdd will result in the document with ID b85f9fdd-5557-4f70-bbd7-9a23b0485235
I have tried to create this index:
{
"settings": {
"index": {
"sort.field": [ "created_at", "id" ],
"sort.order": [ "desc", "desc" ]
}
},
"mappings": {
"properties": {
"id": { "type": "wildcard", "fields": { "raw": { "type": "keyword" }}},
"current_status": { "type": "keyword" },
"version_rev": { "type": "keyword" },
"tracking_id": { "type": "wildcard" },
"invoice_number": { "type": "keyword" },
"created_at": { "type": "date" }
}
}
}
But I got the reply:
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "invalid index sort field:[id]"
}
],
"type": "illegal_argument_exception",
"reason": "invalid index sort field:[id]"
},
"status": 400
}
You need to sort by id.raw instead:
"settings": {
"index": {
"sort.field": [ "created_at", "id.raw" ],
"sort.order": [ "desc", "desc" ]
}
},

How to filter nested object in Elasticsearch 7.5?

I have a mapping:
{
"ntol-2020-05" : {
"mappings" : {
"properties": {
"_createdAt": {
"type": "date"
},
"_logType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"device": {
"properties": {
...
}
},
"resp": {
"type": "nested",
"properties": {
"data": {
"type": "nested",
"properties": {
...
}
}
}
}
}
}
}
}
I filter with three conditions:
"_logType" is "crawler".
"_createdAt" on "2020-05-23".
Size of "resp" = 0.
I am trying to filter with query:
{"query":{"bool":{"must":[{"term":{"_logType":{"value":"crawler"}}},{"range":{"_createdAt":{"gte":"2020-05-23","lte":"2020-05-23","time_zone":"+07:00"}}},{"nested":{"path":"resp","query":{"script":{"script":{"source":"doc['resp'].size() > 0"}}}}}]}},"from":0,"size":10}
It returns an error:
"type": "script_exception",
"reason": "runtime error",
"script_stack": [
"org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:94)",
"org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:41)",
"doc['resp'].size() > 0",
" ^---- HERE"
],
"script": "doc['resp'].size() > 0",
"lang": "painless",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "No field found for [resp] in mapping with types []"
}
}
If I use the script "doc.containsKey('resp') && doc['resp'].size() > 0" then it will return hits length = 0.
Help me. Thanks!
You can use exists to return documents where the "nested" field "resp" has a value.
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "resp",
"query": {
"bool": {
"filter": {
"exists": {
"field": "resp"
}
}
}
}
}
}
]
}
},
"from": 0,
"size": 10
}

ElasticSearch missing and term query

I am trying to fetch documents where the field "topic.description" is missing and which match the term "fundedUnder.programme": "ABC".
Mapping:
...
"fundedUnder": {
"properties": {
"programme": {
"type": "string"
},
"subprogramme": {
"type": "string"
}
}
},
"topics": {
"type": "nested",
"include_in_parent": true,
"properties": {
"code": {
"type": "string",
"analyzer": "analyzer_keyword"
},
"description": {
"type": "string",
"analyzer": "analyzer_keyword"
},
"title": {
"type": "string",
"analyzer": "analyzer_keyword"
}
}
},
...
My Query looks like:
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"missing": {
"field": "topics.description"
}
},
{
"term": {
"fundedUnder.programme" : "ABC"
}
}
]
}
}
}
}
}
This query found nothing and that is wrong, because I have a lot of documents in the indexes with fundedUnder.programme == "ABC" and with the field topics.description missing.
Thanks in advance.
ElasticSearch version 1.7.5
I believe this should work:
EDIT: updated to use version 1.7 Query DSL
{
"query": {
"filtered": {
"query": {
"match": { "fundedUnder.programme" : "ABC" }
},
"filter": {
"missing": { "field": "topics.description" }
}
}
}
}

Elasticsearch query error in percolate query in ES

I am using the percolate query in ES. But I can't merge the bool query and the sort query:
My purpose:
Sort the prices of products added today.
My existing index
PUT /product-alert
{
"mappings": {
"doctype": {
"properties": {
"product_name": { "type": "text" },
"price": { "type": "double"},
"user_id": { "type": "integer" },
"date" : { "type": "date" }
}
},
"queries": {
"properties": {
"query": {
"type": "percolator"
}
}
}
}
}
I have the following error.
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "mapper [sort] of different type, current_type [text], merged_type [ObjectMapper]"
}
],
"type": "illegal_argument_exception",
"reason": "mapper [sort] of different type, current_type [text], merged_type [ObjectMapper]"
},
"status": 400
}
Elastic query:
PUT /product-alert/queries/1?refresh
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "(product_name:iphone)"
}
},
{
"range": {
"created_at": {
"gte": "2017-05-12",
"lte": "2017-05-12",
"include_lower": true,
"include_upper": true
}
}
}
]
}
},
"from": 0,
"size": 200,
"sort": [
{
"price": {
"order": "asc"
}
},
"_score"
]
}
Where is my fault? Sorting works only with 'sort':'_score', but it is mischievous to me.
Thanks in advance

Unable to drop result bucket in terms aggregation - Elasticsearch

I have documents in Elasticsearch with the following structure:
"mappings": {
"document": {
"properties": {
"#timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"#version": {
"type": "string"
},
"id_secuencia": {
"type": "long"
},
"event": {
"properties": {
"elapsedTime": {
"type": "double"
},
"requestTime": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"error": {
"properties": {
"errorCode": {
"type": "string",
"index": "not_analyzed"
},
"failureDetail": {
"type": "string"
},
"fault": {
"type": "string"
}
}
},
"file": {
"type": "string",
"index": "not_analyzed"
},
"messageId": {
"type": "string"
},
"request": {
"properties": {
"body": {
"type": "string"
},
"header": {
"type": "string"
}
}
},
"responseTime": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"service": {
"properties": {
"operation": {
"type": "string",
"index": "not_analyzed"
},
"project": {
"type": "string",
"index": "not_analyzed"
},
"proxy": {
"type": "string",
"index": "not_analyzed"
},
"version": {
"type": "string",
"index": "not_analyzed"
}
}
},
"timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"user": {
"type": "string",
"index": "not_analyzed"
}
}
},
"type": {
"type": "string"
}
}
}
}
And I need to retrieve a list of unique values for the field "event.file" (to show in a Kibana Data Table) according to the following criteria:
There is more than one document with the same value for the field "event.file"
All the occurrences for that value of "event.file" have resulted in error (field "event.error.errorCode" exists in all documents)
For that purpose the approach I've been testing is the use of terms aggregation, so I can get a list of buckets with all documents for a single file name. What I haven't been able to achieve is to drop some of the resulting buckets in the aggregation according to the previous criteria (if at least one of them does not have an error the bucket should be discarded).
Is this the correct approach or is there a better/easier way to get this type of result?
Thanks a lot.
After trying out several queries I found the following approach (see query below) to be valid for my purpose. The problem I see now is that apparently it is not possible to do this in Kibana, as it has no support for pipeline aggregations (see https://github.com/elastic/kibana/issues/4584).
{
"query": {
"bool": {
"must": [
{
"filtered": {
"filter": {
"exists": {
"field": "event.file"
}
}
}
}
]
}
},
"size": 0,
"aggs": {
"file-events": {
"terms": {
"field": "event.file",
"size": 0,
"min_doc_count": 2
},
"aggs": {
"files": {
"filter": {
"exists": {
"field": "event.file"
}
},
"aggs": {
"totalFiles": {
"value_count": {
"field": "event.file"
}
}
}
},
"errors": {
"filter": {
"exists": {
"field": "event.error.errorCode"
}
},
"aggs": {
"totalErrors": {
"value_count": {
"field": "event.error.errorCode"
}
}
}
},
"exhausted": {
"bucket_selector": {
"buckets_path": {
"total_files":"files>totalFiles",
"total_errors":"errors>totalErrors"
},
"script": "total_errors == total_files"
}
}
}
}
}
}
Again, if I'm missing something feedback will be appreciated :)
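The selection logic of the query above, emulated in Python over constructed documents so the effect of min_doc_count and the bucket_selector script can be checked offline. This is an added example, not code from the original post; the sample documents and the function names get_path and files_always_in_error are assumptions, and each field is assumed to hold a single value (value_count counts values, not documents).

```python
from collections import defaultdict

# Constructed sample documents (not from the original post).
DOCS = [
    {"event": {"file": "a.xml", "error": {"errorCode": "E1"}}},
    {"event": {"file": "a.xml", "error": {"errorCode": "E2"}}},
    {"event": {"file": "b.xml", "error": {"errorCode": "E1"}}},
    {"event": {"file": "b.xml"}},                                # one success: bucket dropped
    {"event": {"file": "c.xml", "error": {"errorCode": "E3"}}},  # single doc: below min_doc_count
    {"event": {"user": "svc"}},                                  # no event.file: excluded by the query
]


def get_path(doc, dotted):
    """Return the value at a dotted path, or None if any step is missing."""
    cur = doc
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def files_always_in_error(docs, min_doc_count=2):
    """Emulate terms(event.file) + value_count sub-aggregations + bucket_selector."""
    buckets = defaultdict(lambda: {"total_files": 0, "total_errors": 0})
    for doc in docs:
        name = get_path(doc, "event.file")
        if name is None:  # "exists" filter on event.file
            continue
        bucket = buckets[name]
        bucket["total_files"] += 1  # files>totalFiles
        if get_path(doc, "event.error.errorCode") is not None:
            bucket["total_errors"] += 1  # errors>totalErrors
    return sorted(
        name
        for name, b in buckets.items()
        if b["total_files"] >= min_doc_count          # terms min_doc_count
        and b["total_errors"] == b["total_files"]     # bucket_selector script
    )


if __name__ == "__main__":
    print(files_always_in_error(DOCS))
```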
