Negative values in Elasticsearch range queries - elasticsearch

I found this problem while making a watch in Elasticsearch. This is my query:
"body": {
"query": {
"bool": {
"must": [
{
"range": {
"percent": {
"lt": 100
}
}
}
]
}
}
}
It successfully returns every document with percent between 0 and 99; however, it ignores those with a negative value. The "percent" field is mapped as a long number in the index.
Can you help me?
Thanks
Edit: Return of executing "curl -XGET localhost:9200/monthly-tickets-2018-06"
{
"monthly-tickets-2018-06": {
"aliases": {},
"mappings": {
"monthly_tickets": {
"properties": {
"percent": {
"type": "long"
},
"priority": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"project": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"ref": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"timestamp": {
"type": "date"
}
}
}
},
"settings": {
"index": {
"creation_date": "1528946562231",
"number_of_shards": "5",
"number_of_replicas": "1",
"uuid": "aIfLjFwqS_aCzQFvZm0L5Q",
"version": {
"created": "6020399"
},
"provided_name": "monthly-tickets-2018-06"
}
}
}
}

Related

how do we use and query the keyword field?

When I do
PUT /vehicles/_doc/123
{
"make" : "Honda Civic",
"color" : "Blue",
"from": "Japan",
"size": "Big",
"comment": "deja vu",
"HP" : 250,
"milage" : 24000,
"price": 19300.97
}
It automatically generates the index definition below:
{
"vehicles": {
"aliases": {},
"mappings": {
"properties": {
"HP": {
"type": "long"
},
"color": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"comment": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"from": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"make": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"milage": {
"type": "long"
},
"price": {
"type": "float"
},
"size": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"settings": {
"index": {
"routing": {
"allocation": {
"include": {
"_tier_preference": "data_content"
}
}
},
"number_of_shards": "1",
"provided_name": "vehicles",
"creation_date": "1670864230815",
"number_of_replicas": "1",
"uuid": "etLFicsvSXCpeuFiYCiT0g",
"version": {
"created": "8050299"
}
}
}
}
}
In the index, say color, it has type text, and there is a field keyword, how do we use and query the keyword field?
You just need to use color.keyword in your query when you want to query the keyword field; if you want to query just the text part, simply use color as the field name.
text and keyword fields are tokenised and stored differently and used in different scenarios; this answer will be useful for understanding the difference.
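An added example (not part of the original answer) of a search body for the vehicles index above that uses both forms. The match on color is analyzed, so "blue" finds the document indexed with "Blue"; the term filter on make.keyword must equal the stored string exactly, including case; and the terms aggregation uses from.keyword because text fields cannot be aggregated on by default. The aggregation name by_origin is made up for illustration.

```json
{
  "query": {
    "bool": {
      "must": [
        { "match": { "color": "blue" } }
      ],
      "filter": [
        { "term": { "make.keyword": "Honda Civic" } }
      ]
    }
  },
  "aggs": {
    "by_origin": {
      "terms": { "field": "from.keyword" }
    }
  }
}
```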

Unable to run elastic search nested aggregate query

I am trying to create a query that aggregates the sum of 3 different fields and also matches three different conditions. I don't understand what the error message is saying.
The query below gives this specific error message:
{
"error": {
"root_cause": [
{
"type": "parsing_exception",
"reason": "Unknown key for a VALUE_NUMBER in [Type].",
"line": 1,
"col": 9
}
],
"type": "parsing_exception",
"reason": "Unknown key for a VALUE_NUMBER in [Type].",
"line": 1,
"col": 9
}
}
My query looks as follows:
{
"aggs": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"data.entity.productId": "45c29143b3bb4073a9fd325106784ce2"
}
},
{
"term": {
"data.entity.locationId": "c5f45ffc4fd94dcb926f96f1d5b9d835"
}
},
{
"term": {
"type.keyword": "StockLocationActivityAggregate"
}
}
]
}
}
},
"aggs": {
"directStock": {
"sum": { "field": "data.entity.inStock" },
"aggs": {
"directOutgoing": {
"sum": { "field": "data.entity.outgoing" },
"aggs": {
"directIncoming": { "sum": { "field": "data.entity.incoming" } }
}
}
}
}
}
},
"size": 0
}
Update
I am using the following index map
{
"mapping": {
"_doc": {
"properties": {
"active": {
"type": "boolean"
},
"data": {
"properties": {
"entity": {
"properties": {
"activityDate": {
"type": "date"
},
"creationDate": {
"type": "date"
},
"deleted": {
"type": "boolean"
},
"hash": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"inStock": {
"type": "float"
},
"incoming": {
"type": "float"
},
"locationId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"modifiedOn": {
"type": "date"
},
"modifier": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"orderId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"orderItemId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"outgoing": {
"type": "float"
},
"productId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"reservationDate": {
"type": "date"
},
"version": {
"type": "long"
}
}
},
"hash": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"modifiedOn": {
"type": "date"
},
"modifier": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"tenantIdentifier": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version": {
"type": "long"
}
}
},
"deleted": {
"type": "boolean"
},
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"tenantId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version": {
"type": "long"
}
}
}
}
}
I've also tried the example from the elastic search docs and the sample from Val below. They all give the same error.
The sum aggregation is a metric aggregation that cannot have sub-aggregations... So you cannot do sum -> sum -> sum.
If you need the 3 different sums, you can do something like this:
{
...
"aggs": {
"directIncoming": {
"sum": {
"field": "data.entity.incoming"
}
},
"directStock": {
"sum": {
"field": "data.entity.inStock"
}
},
"directOutgoing": {
"sum": {
"field": "data.entity.outgoing"
}
}
}
}
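An added example (not part of the original answer) that combines the asker's three term conditions with the three sibling sums. The sums are placed as sub-aggregations of the filter aggregation, which is a bucket aggregation, so they are computed only over the matching documents. All field names and values are taken from the question.

```json
{
  "size": 0,
  "aggs": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            { "term": { "data.entity.productId": "45c29143b3bb4073a9fd325106784ce2" } },
            { "term": { "data.entity.locationId": "c5f45ffc4fd94dcb926f96f1d5b9d835" } },
            { "term": { "type.keyword": "StockLocationActivityAggregate" } }
          ]
        }
      },
      "aggs": {
        "directStock": { "sum": { "field": "data.entity.inStock" } },
        "directOutgoing": { "sum": { "field": "data.entity.outgoing" } },
        "directIncoming": { "sum": { "field": "data.entity.incoming" } }
      }
    }
  }
}
```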

Integer.text is no longer working in Kibana -7.9.2 for Query string query when the field is not an array

I have added the below document in ElasticSearch version 7.9.2.
{
"EmployeeID": 222,
"EmpName": "Lisa jay",
"Age": 33,
"Address": [{
"AddressNo": 1290,
"Street": "Park flower road",
"ZIPCODE": 700
}]
}
I tried without adding .txt but it throws query_shard_exception, however after adding it, it doesn't show the correct result.
GET school/_search
{
"query": {
"query_string": {
"fields": ["EmployeeID.text","Address.ZIPCODE.text"],
"query": "222 700",
"default_operator":"OR"
}
}
}
Please see the image.
For array elements .text is working fine. Any answer or comment is appreciated and won't be down voted by me. Thank you.
Output of GET school/
{
"school": {
"aliases": {},
"mappings": {
"properties": {
"Address": {
"properties": {
"AddressNo": {
"type": "long"
},
"Street": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"ZIPCODE": {
"type": "long"
}
}
},
"Age": {
"type": "long"
},
"EmpName": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"EmployeeID": {
"type": "long"
},
"query": {
"properties": {
"match": {
"properties": {
"phrase": {
"properties": {
"ZIPCODE": {
"type": "long"
}
}
}
}
}
}
},
"t1": {
"properties": {
"properties": {
"properties": {
"address": {
"properties": {
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"age": {
"properties": {
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"id": {
"properties": {
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"name": {
"properties": {
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"partime": {
"properties": {
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
}
}
},
"settings": {
"index": {
"creation_date": "1602337657007",
"number_of_shards": "1",
"number_of_replicas": "1",
"uuid": "9RNUa1gOQ7WrpNoK_KifLA",
"version": {
"created": "7090299"
},
"provided_name": "school"
}
}
}
}

Elasticsearch query for multiple terms

I am trying to create a search query that allows searching by name and type.
I have indexed the values, and my record in Elasticsearch looks like this:
{
_index: "assets",
_type: "asset",
_id: "eAOEN28BcFmQazI-nngR",
_score: 1,
_source: {
name: "test.png",
mediaType: "IMAGE",
meta: {
content-type: "image/png",
width: 3348,
height: 1890,
},
createdAt: "2019-12-24T10:47:15.727Z",
updatedAt: "2019-12-24T10:47:15.727Z",
}
}
So how would I create, for example, a query that finds all assets that have the name "test" and are images?
I tried a multi_match query but that did not return the correct results:
{
"query": {
"multi_match" : {
"query": "*test* IMAGE",
"type": "cross_fields",
"fields": [ "name", "mediaType" ],
"operator": "and"
}
}
}
The query above returns 0 results, and if I change the operator to "or" it returns all the assets of type IMAGE.
Any suggestions would be greatly appreciated. TIA!
EDIT: Added Mapping
Below is the mapping:
{
"assets": {
"aliases": {},
"mappings": {
"properties": {
"__v": {
"type": "long"
},
"createdAt": {
"type": "date"
},
"deleted": {
"type": "date"
},
"mediaType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"meta": {
"properties": {
"content-type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"width": {
"type": "long"
},
"height": {
"type": "long"
}
}
},
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"originalName": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"updatedAt": {
"type": "date"
}
}
},
"settings": {
"index": {
"creation_date": "1575884312237",
"number_of_shards": "1",
"number_of_replicas": "1",
"uuid": "nSiAoIIwQJqXQRTyqw9CSA",
"version": {
"created": "7030099"
},
"provided_name": "assets"
}
}
}
}
You are unnecessarily using the wildcard expression for this simple query.
First, change your analyzer on the name field.
You need to create a custom analyzer which replaces . with a space, as the default standard analyzer doesn't do that, so that when searching for test you get test.png, as there will be both test and png in the inverted index. The main benefit of doing this is to avoid the regex queries, which are very costly.
Below is the updated mapping with a custom analyzer which will do the work for you. Just update your mapping and re-index all the docs again.
{
"aliases": {},
"mappings": {
"properties": {
"__v": {
"type": "long"
},
"createdAt": {
"type": "date"
},
"deleted": {
"type": "date"
},
"mediaType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"meta": {
"properties": {
"content-type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"width": {
"type": "long"
},
"height": {
"type": "long"
}
}
},
"name": {
"type": "text",
"analyzer" : "my_analyzer"
},
"originalName": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"updatedAt": {
"type": "date"
}
}
},
"settings": {
"analysis": {
"analyzer": {
"my_analyzer": {
"tokenizer": "standard",
"char_filter": [
"replace_dots"
]
}
},
"char_filter": {
"replace_dots": {
"type": "mapping",
"mappings": [
". => \\u0020"
]
}
}
},
"index": {
"number_of_shards": "1",
"number_of_replicas": "1"
}
}
}
Second, you should change your query to bool query as below:
{
"query": {
"bool": {
"must": [
{
"match": {
"name": "test"
}
},
{
"match": {
"mediaType.keyword": "IMAGE"
}
}
]
}
}
}
Using must with 2 match queries means that it would return docs only when there is a match in all the clauses of the must query.
I already tested my solution by creating the index, inserting a few sample docs and querying them; let me know if you need any help.
Did you try with best_fields?
{
"query": {
"multi_match" : {
"query": "Will Smith",
"type": "best_fields",
"fields": [ "name", "mediaType" ],
"operator": "and"
}
}
}

creating elastic search query

I have this json doc in my elasticsearch:
{
"personId": "5b564b6a0c000b622a55",
"name": "Jake Harper",
"country": "US",
"socialSecurityNumber": 7634904,
"personAddress": {
"city": "Los Angeles",
"street": "Sunset BLVD",
"streetNumber": 149,
}
"additionalAddresses": [
{
"addressType": "office",
"additionalAddress": {
"city": "Santa Monica",
"street": "3rd street",
"streetNumber": 13
}
},
{
"addressType": "property",
"additionalAddress": {
"city": "mxkwUcc branch city",
"street": "mxkwUcc BLVD",
"streetNumber": 255
}
}
]
}
and I want to create an elastic query that will help me to find people by:
personId
socialSecurityNumber
personAddress(all fields)
additionalAddresses(all fields in the array docs)
and I'm having trouble with creating the query, especially with personAddress and additionalAddresses...
can anyone give me some kind of direction here..? thanks!
currently my query looks like :
{
"query": {
"bool": {
"should": [
{
"match": {
"personId": "5b564b6a0c000b622a"
}
},
{
"match": {
"name": "Harper"
}
}
]
}
}
}
I'm using multiple queries because I will get a term input and I want to check if it's part of any of the above fields.
my mappings:
{
"peopledb": {
"mappings": {
"person": {
"properties": {
"additionalAddresses": {
"properties": {
"additionalAddress": {
"properties": {
"city": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"street": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"streetNumber": {
"type": "long"
},
"zipCode": {
"type": "long"
}
}
},
"addressType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"country": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"personAddress": {
"properties": {
"city": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"street": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"streetNumber": {
"type": "long"
},
"zipCode": {
"type": "long"
}
}
},
"personId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
You might need to make additionalAddresses of type nested, but first let's see if multi_match gets you a bit further:
{
"query": {
"bool": {
"should": [
{
"match": {
"personId": "5b564b6a0c000b622a"
}
},
{
"match": {
"name": "Harper"
}
},
{
"match": {
"personAddress.city": "Los"
}
},
{
"multi_match": {
"fields": ["additionalAddresses.additionalAddress.city", "additionalAddresses.additionalAddress.street", "additionalAddresses.additionalAddress.streetNumber"],
"query": "123 Main Street"
}
}
]
}
}
}
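An added example (not part of the original answer) of the nested variant the answer mentions. It assumes additionalAddresses has been remapped with "type": "nested" and the documents re-indexed; with the object mapping shown in the question, the city of one address and the streetNumber of another could satisfy the same query, whereas the nested query requires both conditions to hold within a single address entry. The values come from the sample document in the question.

```json
{
  "query": {
    "nested": {
      "path": "additionalAddresses",
      "query": {
        "bool": {
          "must": [
            { "match": { "additionalAddresses.additionalAddress.city": "Santa Monica" } },
            { "match": { "additionalAddresses.additionalAddress.streetNumber": 13 } }
          ]
        }
      }
    }
  }
}
```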
