I would like to query 2 different prefixes for the same field. The code below works exactly how I would like it to when working with on field:
GET /logstash-*/_search
{
"query": {
"match_phrase_prefix" : {
"type" : {
"query" : "job-source"
}
}
}
}
I could not find in the docs how to do this with two queries (I found how to search in multiple fields). I have tried a boolean should and the snippet below but both are not giving me the results I am looking for.
GET /logstash-*/_search
{
"query": {
"match_phrase_prefix" : {
"type" : {
"query" : ["job-source","job-find"]
}
}
}
}
How do I query for only documents that have type:job-source or type:job-find as the prefix?
Thank you in advance,
You can combine two match_phrase_prefix queries using should and set minimum_should_match to 1.
Sample Query:
{
"query":
{
"bool":
{
"should": [
{
"match_phrase_prefix":
{
"type": "job-source"
}
},
{
"match_phrase_prefix":
{
"type": "job-find"
}
}],
"minimum_should_match": 1
}
}
}
Related
I want the count of each values of a variable based on some filter applied in elastic search. For example, I want all the age groups but on the filter that the students are from California.
The age groups is text field and contains an array like this,
"age_group": ["5-6-years", "6-7-years"]
I kinda want a query like this but this ain't working. It throws an error saying
unable to parse BaseAggregationBuilder with name [count]: parser not found
"student_aggregation": {
"nested": {
path": "students"
},
"aggs": {
"available": {
"filter": {
"term": { "students.place_of_birth": "California" }
},
"aggs" : {
"age_group" : { "count" : { "field" : "students.age_group" } }
}
}
}
}
Request help from you troops.
That's because there's no metric aggregation called count but value_count instead:
"student_aggregation": {
"nested": {
path": "students"
},
"aggs": {
"available": {
"filter": {
"term": { "students.gender": "boys" }
},
"aggs" : {
"age_group" : { "value_count" : { "field" : "students.age_group" } }
^^^
|||
}
}
}
}
UPDATE:
After discussions, the terms aggregation was more appropriate than value_count. After fixing the mapping (which was text instead of keyword), the query worked out correctly
I am trying to query a column in elastic search that contains email addresses with the following filter.
{
"query": {
"bool": {
"must": [
{
"term": {
"from":"andrei#hotmail.com123"
}
}
]
}
},
"from": 0,
"size": 10,
"sort": [],
"aggs": {}
}
if I try andrei it works fine. Also if I try hotmail.com123. However if I try to search for andrei#hotmail.com123 nothing is returned. Any clues why?
We found this answer and it seems to work, considering that we replace in code the # with an empty string
{
"query": {
{
"match" : {
"from" : {
"query" : "andrei hotmail.com123",
"operator" : "and"
}
}
}
]}}
}
I am new to Elastic search . Please help me in finding the filter/query to be written to match the exact records using Java API.
Below is the mongodb record .I need to get both the record matching the word 'Jerry' using elastic search.
{
"searchcontent" : [
{
"key" : "Jerry",
"sweight" : "1"
},{
"key" : "Kate",
"sweight" : "1"
},
],
"contentId" : "CON_4",
"keyword" : "TEST",
"_id" : ObjectId("55ded619e4b0406bbd901a47")
},
{
"searchcontent" : [
{
"key" : "TOM",
"sweight" : "2"
},{
"key" : "Kruse",
"sweight" : "2"
}
],
"contentId" : "CON_3",
"keyword" : "Jerry",
"_id" : ObjectId("55ded619e4b0406ccd901a47")
}
And if you would like to search in all the fields.
Then you can just do a match _all query,
POST <index name>/<type name>/_search.
{
"query": {
"match" : {
"_all" : "Jerry"
}
}
}
This searches for 'Jerry' in all the fields.
A Multi-Match query is what you need to search across multiple fields. Below query will search for the word "jerry" in both the fields "searchcontent.key" and "keyword" which is what you want.
POST <index name>/<type name>/_search
{
"query": {
"multi_match": {
"query": "jerry",
"fields": [
"searchcontent.key",
"keyword"
]
}
}
}
There is no single solution, it depends how you map your data in elastic search and what you are indexing
GET /intu/_settings
You can use: query string.
If you don't need to combine filter you can remove bool and should.
From the documentation: "The bool query takes a more-matches-is-better approach, so the score from each matching must or should clause will be added together to provide the final _score for each document."
For example:
GET /yourstaff/_search
{
"query": {
"filtered": {
"query": {
"bool": {
"should":
{
"query_string": {
"query": "jerry"
}
}
}
}
}
}
}
Take a look to the documentation:
Query string
Term vs full-search
Bool query
Use Sense to figure out what results you want to have
Using filter is a better option as it caches the results..
{
"query":
{
"bool":
{
"should":
[
{
"term":
{
"searchcontent.key":"jerry"
}
},
{
"term":
{
"keyword":"jerry"
}
}
]
}
}
}
https://www.elastic.co/blog/found-optimizing-elasticsearch-searches
A suggested read for better search.
I am trying to use Elastic Search and I am stuck trying to query for the nested object.
Basically my object is of the following format
{
"name" : "Some Name",
"field2": [
{
"prop1": "val1",
"prop2": "val2"
},
{
"prop1": "val3",
"prop2":: "val4"
}
]
}
Mapping I used for the nested field is the following.
PUT /someval/posts/_mapping
{
"posts": {
"properties": {
"field2": {
"type": "nested"
}
}
}
}
Say now i insert elements for /field/posts/1 and /field/posts/2 etc. I have k values for field2.prop1 and i want a query which gets the posts sorted based on most match of field2.prop1 among the K values i have. What would be the appropriate query for that.
Also I tried a simple filter but even that doesnt seem to work right.
GET /someval/posts/_search
{
"query": {
"filtered": {
"query": {
"match_all": {}
}
},
"filter" : {
"nested" : {
"path" : "field2",
"filter" : {
"bool" : {
"must" : [
{
"term" : {"field2.prop1" : "val1"}
}
]
}
},
"_cache" : true
}
}
}
}
The above query should match atleast the first post. But it returns no match. Can anyone help to clarify whats wrong here ?
There was problem in your json structure, you used filtered query , but filter(object) was in different level than query.
Find the difference.
POST /someval/posts/_search
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"nested": {
"path": "field2",
"filter": {
"bool": {
"must": [
{
"term": {
"field2.prop1": "val1"
}
}
]
}
},
"_cache": true
}
}
}
}
}
I'm quite new to Elasticsearch, so here's my question.
I wanna do a search query with elasticsearch and wanna filter with multiple terms.
If I want to search for a user 'tom', then I would like to have all the matches where the user 'isActive = 1', 'isPrivate = 0' and 'isOwner = 1'.
Here's my search query
"query":{
"filtered": {
"query": {
"query_string": {
"query":"*tom*",
"default_operator": "OR",
"fields": ["username"]
}
},
"filter": {
"term": {
"isActive": "1",
"isPrivate": "0",
"isOwner": "1"
}
}
}
}
When I use 2 terms, it works like a charm, but when i use 3 terms it doesn't.
Thanks for the help!!
You should use bool filter to AND all your terms:
"query":{
"filtered": {
"query": {
"query_string": {
"query":"*tom*",
"default_operator": "OR",
"fields": ["username"]
}
},
"filter": {
"bool" : {
"must" : [
{"term" : { "isActive" : "1" } },
{"term" : { "isPrivate" : "0" } },
{"term" : { "isOwner" : "1" } }
]
}
}
}
}
For version 2.x+ you can use bool query instead of filtered query with some simple replacement: https://www.elastic.co/guide/en/elasticsearch/reference/7.4/query-dsl-filtered-query.html
As one of the comments says, the syntax has changed in recent ES versions. If you are using Elasticsearch 6.+, and you want to use a wildcard and a sequence of terms in your query (such as in the question), you can use something like this:
GET your_index/_search
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"your_field_name_1": {
"value": "tom*"
}
}
},
{
"term": {
"your_field_name_2": {
"value": "US"
}
}
},
{
"term": {
"your_field_name_3": {
"value": "Michigan"
}
}
},
{
"term": {
"your_field_name_4": {
"value": "0"
}
}
}
]
}
}
}
Also, from the documentation about wildcard queries:
Note that this query can be slow, as it needs to iterate over many
terms. In order to prevent extremely slow wildcard queries, a wildcard
term should not start with one of the wildcards * or ?.
I hope this helps.