Filtering ElasticSearch query where date value is lte a given value or missing - elasticsearch

I need to filter an ES query where the value of a date field is LTE a given value or the field is missing altogether. Here's my query at this point:
{
"from":0,
"size":50,
"query":{
"bool":{
"filter":[
{
"term":{
"corpusid.string.as_is":"42:6:4"
}
},
{
"nested":{
"path":"category.object",
"query":{
"bool":{
"must":[
{
"bool":{
"should":[
{
"range":{
"category.object.startdate":{
"lte":"2021-03-09T19:32:11.316Z"
}
}
},
{
"must_not":[
{
"exists":{
"field":"category.object.startdate"
}
}
]
}
]
}
}
]
}
}
}
}
]
}
}
}
When I submit that query, I get the error "[must_not] query malformed, no start_object after query name". We're running ElasticSearch version 5.3.1 in case that matters.


I refactored the query a bit. Removed a must, added a bool for the must_not.
{
"from":0,
"size":50,
"query":{
"bool":{
"filter":[
{
"term":{
"corpusid.string.as_is":"42:6:4"
}
},
{
"nested":{
"path":"category.object",
"query":{
"bool":{
"should": [
{
"range":{
"category.object.startdate":{
"lte":"2021-03-09T19:32:11.316Z"
}
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "category.object.startdate"
}
}
}
}
]
}
}
}
}
]
}
}
}

Related

Nested bool query with multiple must and should

Look at my use case below
Two nested fields
base1.point1
base1.point2
base1.point3
base1.point4
and
base2.point1
base2.point2
base2.point3
base2.point4
search condition
(
(base1.point1 AND base1.point2) OR (base1.point2 AND base1.point3)
)
AND
(
(base2.point1 AND base2.point2) OR (base2.point2 AND base2.point3)
)
Please help for writing above in a single query.

Note that I'm assuming that when you meant nested you are actually talking about Nested Datatype and not plain Object Datatype
Also looking at your question, you are only concerned if the nested fields exists or not, regardless of their values. For such use cases you would need to make use of Exists Query.
Below is how my Nested Query would be:
POST <you_index_name>/_search
{
"query":{
"bool":{
"must":[
{
"bool":{
"should":[
{
"bool":{
"must":[
{
"nested":{
"path":"base1",
"query":{
"exists":{
"field":"base1.point1"
}
}
}
},
{
"nested":{
"path":"base1",
"query":{
"exists":{
"field":"base1.point2"
}
}
}
}
]
}
},
{
"bool":{
"must":[
{
"nested":{
"path":"base1",
"query":{
"exists":{
"field":"base1.point2"
}
}
}
},
{
"nested":{
"path":"base1",
"query":{
"exists":{
"field":"base1.point3"
}
}
}
}
]
}
}
]
}
},
{
"bool":{
"should":[
{
"bool":{
"must":[
{
"nested":{
"path":"base2",
"query":{
"exists":{
"field":"base2.point1"
}
}
}
},
{
"nested":{
"path":"base1",
"query":{
"exists":{
"field":"base2.point2"
}
}
}
}
]
}
},
{
"bool":{
"must":[
{
"nested":{
"path":"base2",
"query":{
"exists":{
"field":"base2.point2"
}
}
}
},
{
"nested":{
"path":"base2",
"query":{
"exists":{
"field":"base2.point3"
}
}
}
}
]
}
}
]
}
}
]
}
}
}
Hope this helps!

How to filter a field using Elastic Search

I'm trying to create a query with elasticsearch to filter the records of the same city and price.
But the city filter is not working.
POST diadeturista/services/_search
{
"query":{
"bool":{
"must":[
],
"filter":{
"bool":{
"must":{
"terms":{
"city":[
"Contagem"
]
},
"range":{
"price_adult":{
"lte":"300",
"gte":"150"
}
}
}
}
}
}
}
}
SHow me this error:
[terms] malformed query, expected [END_OBJECT] but found [FIELD_NAME]

I think what you want todo is
{
"query":{
"bool":{
"must": [
{
"terms":{
"city":[
"Contagem"
]
}
},
{
"range":{
"price_adult":{
"lte":"300",
"gte":"150"
}
}
}
]
}
}
}

bool malformed query, expected END_OBJECT but found FIELD_NAME

I have some problem with the elasticsearch query. when I use the query code it feedback the messages [bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME].
{
"from":0,
"size":15,
"query":{
"bool":{
"must":[
{
"multi_match":{
"query":"books",
"fields":[
"title^20",
"lead^10",
"content"
],
"type":"phrase"
}
}
]
},
"must":{
"match":{
"groupid":"599e4b49239cfa0a5a5f189d"
}
}
},
"sort":[
{
"times":{
"order":"desc"
}
}
]
}

Your second must clause is not properly located, it must be inside the existing bool/must query. You need to rewrite your query to this:
{
"from":0,
"size":15,
"query":{
"bool":{
"must":[
{
"multi_match":{
"query":"books",
"fields":[
"title^20",
"lead^10",
"content"
],
"type":"phrase"
}
},
{
"match":{
"groupid": "599e4b49239cfa0a5a5f189d"
}
}
]
}
},
"sort":[
{
"times":{
"order":"desc"
}
}
]
}

How to do mulitple text search in elastic search

I want to do multiple text search in same field
for example in sub_cat_seo_url field i want to get 'english-news' and 'business-news' filter by language and region
when i tried like below code it is not working
{
"query":{
"filtered":{
"query":{
"query_string":{
"query":[
"english-news",
"business-news"
],
"fields":[
"sub_cat_seo_url"
]
}
},
"filter":{
"bool":{
"must":[
{
"term":{
"lang":"en"
}
},
{
"term":{
"region":"1"
}
}
]
}
}
}
}
}
For single text search it is working fine
{
"query":{
"filtered":{
"query":{
"query_string":{
"query":"english-news",
"fields":[
"sub_cat_seo_url"
]
}
},
"filter":{
"bool":{
"must":[
{
"term":{
"lang":"en"
}
},
{
"term":{
"region":"1"
}
}
]
}
}
}
}
}
Please help what have to change in my code, to do multi text search in same field (or operation)
Thanks
Thanigaivelan

Try out this
{
"query": {
"filtered": {
"query": {
"query_string": {
"query": "\"english-news\" AND \"business-news\"",
"fields": [
"sub_cat_seo_url"
]
}
},
"filter": {
"bool": {
"must": [
{
"term": {
"lang": "en"
}
},
{
"term": {
"region": "1"
}
}
]
}
}
}
}
}

Which DSL is correct for performing a pre-filtered query?

I've looked back at some queries I have saved, and it appears I've managed to achieve essentially the same query in three different ways. They all return the same data, but which one is 'correct'? I.e., which one contains no superfluous code and is most performant?
Option 1
{
"query":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
Option 2
{
"query":{
"filtered":{
"filter":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
}
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
Option 3
{
"query":{
"filtered":{
"query":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
}
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
If I were to guess, I'd go for Option 2, as the others appear that they might be running match as query. But the documentation is pretty confusing regarding the correct form that DSL queries should take.

Based on your comment, I'd go for option 2 but with a simple term filter for starters instead of match which isn't allowed in filters.
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"event": "eventname"
}
},
{
"range": {
"#timestamp": {
"gt": "now-70s"
}
}
}
]
}
}
}
},
"aggs": {
"myterms": {
"terms": {
"field": "event"
}
}
}
}

Resources