I am using pretty old elasticsearch 2.5. I have the availability information of hotels in each doc. There is a field called "availabilities" whose mapping is as follows:
"availabilities":{
"type": "nested",
"dynamic": "strict",
"properties": {
"start": { "type": "date", "format": "yyyy-MM-dd" },
"end": { "type": "date", "format": "yyyy-MM-dd" }
}
}
One of the sample doc (stripped version) is as follows:
{
"name": "Seaside hotel",
"availabilities": [
{
"start": "2018-03-01",
"end": "2018-10-01"
},
{
"start": "2018-10-04",
"end": "2018-10-04"
},
{
"start": "2018-10-06",
"end": "2018-10-06"
},
{
"start": "2018-10-08",
"end": "2018-10-17"
},
{
"start": "2018-10-21",
"end": "2018-10-28"
},
{
"start": "2018-10-30",
"end": "2018-10-31"
},
{
"start": "2018-11-03",
"end": "2018-11-10"
},
{
"start": "2018-11-13",
"end": "2019-03-01"
},
{
"start": "2019-03-04",
"end": "2019-03-04"
},
{
"start": "2019-03-06",
"end": "2020-02-29"
}
]
}
I am trying to find all those hotels' doc, that has availability from "2018-10-01" (YYYY-MM-DD) to "2018-10-10". My search query is as follows:
where the start and end dates are compared in milliseconds 1539154800000 milliseconds = 2018-10-10 and 1538377200000 = 2018-10-01
GET hotels/_search
{
"query": {
"filtered": {
"filter": {
"query": {
"bool": {
"must": [{
"nested": {
"query": {
"bool": {
"must": [{
"script": {
"script": "return (doc['availabilities.end'].date.getMillis() <= 1539154800000 && doc['availabilities.start'].date.getMillis() >= 1538377200000)"
}
}]
}
},
"path": "availabilities"
}
}],
"must_not": null
}
}
}
}
}
}
When I run this query, I end up getting the above "Seaside hotel" in the result set, while it should not have been there because it doesn't have any availabilites from 2018-10-01 to 2018-10-10.
Now I changed my query to not use the script and here I am searching hotel which has availability from 2018-10-09 to 2018-10-16
GET hotels/_search
{
"query": {
"filtered": {
"filter": {
"query": {
"bool": {
"must": [{
"nested": {
"query": {
"bool": {
"must": [{
"range": {
"availabilities.end": {
"gte": "2018-10-16"
}
}
}, {
"range": {
"availabilities.start": {
"lte": "2018-10-09"
}
}
}]
}
},
"path": "availabilities"
}
}],
"must_not": null
}
}
}
}
}
}
and this query should have brought me "Seaside hotel" doc in the result as it has availability per search date, but the search did not give me this hotel.
My whole purpose is to have a query to search hotels in the specified availabilities date by the user. Any idea what am I doing wrong or how can I achieve my goal?
Hello friend your query is returning correct result. I tested it on my machine as you mentioned and its return me correct document.
First I put index
PUT hotels
And then i put name type of hotel index with mentioned mapping
PUT hotels/_mapping/name
{
"name": {
"properties": {
"availabilities": {
"type": "nested",
"dynamic": "strict",
"properties": {
"start": {
"type": "date",
"format": "yyyy-MM-dd"
},
"end": {
"type": "date",
"format": "yyyy-MM-dd"
}
}
},
"name":{
"type": "string"
}
}
}
}
And i put data
PUT hotels/name/1
{
"name": "Seaside hotel",
"availabilities": [
{
"start": "2018-03-01",
"end": "2018-10-01"
},
{
"start": "2018-10-04",
"end": "2018-10-04"
},
{
"start": "2018-10-06",
"end": "2018-10-06"
},
{
"start": "2018-10-08",
"end": "2018-10-17"
},
{
"start": "2018-10-21",
"end": "2018-10-28"
},
{
"start": "2018-10-30",
"end": "2018-10-31"
},
{
"start": "2018-11-03",
"end": "2018-11-10"
},
{
"start": "2018-11-13",
"end": "2019-03-01"
},
{
"start": "2019-03-04",
"end": "2019-03-04"
},
{
"start": "2019-03-06",
"end": "2020-02-29"
}
]
}
And i run query
GET hotels/name/_search
{
"query": {
"bool": {
"must": [
{
"nested": {
"inner_hits":{},
"query": {
"bool": {
"must": [
{
"range": {
"availabilities.end": {
"gte": "2018-10-16"
}
}
},
{
"range": {
"availabilities.start": {
"lte": "2018-10-09"
}
}
}
]
}
},
"path": "availabilities"
}
}
]
}
}
}
And Output is
{
"_index": "hotels",
"_type": "name",
"_id": "1",
"_score": 1.4142135,
"_source": {
"name": "Seaside hotel",
"availabilities": [
{
"start": "2018-03-01",
"end": "2018-10-01"
},
{
"start": "2018-10-04",
"end": "2018-10-04"
},
{
"start": "2018-10-06",
"end": "2018-10-06"
},
{
"start": "2018-10-08",
"end": "2018-10-17"
},
{
"start": "2018-10-21",
"end": "2018-10-28"
},
{
"start": "2018-10-30",
"end": "2018-10-31"
},
{
"start": "2018-11-03",
"end": "2018-11-10"
},
{
"start": "2018-11-13",
"end": "2019-03-01"
},
{
"start": "2019-03-04",
"end": "2019-03-04"
},
{
"start": "2019-03-06",
"end": "2020-02-29"
}
]
}
}
Please check it.
Related
I am trying to simulate a watch and see if the actions are triggering fine. But my problem is the search returns no results.
My query
Checks for a particular index.
Checks for a range
Check for the servicename field to be a particular value.
This is my watch definition
{
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"datasolutions-svc-*"
],
"body": {
"query": {
"bool": {
"filter": [
{
"term": {
"level": {
"value": "ERROR"
}
}
},
{
"term": {
"servicename": [
"Iit.Det.Urm.MepsSubscriber"
]
}
},
{
"range": {
"#timestamp": {
"gte": "now-60m"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"notify-slack": {
"slack": {
"account": "elastic_watcher_alerts",
"proxy": {
"host": "proxy.dom",
"port": 80
},
"message": {
"from": "Error Monitor",
"to": [
"#det-errors"
],
"text": "The following error(s) have been logged",
"dynamic_attachments": {
"list_path": "ctx.payload.items",
"attachment_template": {
"color": "#f00",
"title": "{{msg}}",
"title_link": "https://elastic.mid.dom:port/{{index}}/doc/{{id}}?pretty",
"text": "{{msg}}",
"fields": [
{
"title": "Server",
"value": "{{host}}",
"short": true
},
{
"title": "Servicename",
"value": "{{service}}",
"short": true
}
]
}
}
}
}
}
},
"transform": {
"script": {
"source": "['items': ctx.payload.hits.hits.collect(hit -> ['msg': hit._source.message, 'service': hit._source.servicename, 'index': hit._index, 'id' : hit._id, 'host': hit._source.agent.hostname ])]",
"lang": "painless"
}
}
}
I am trying to now test it by using the simulate option and giving it an input. This input is copied from actual data that is in the index. I copied a json document from kibana (in the discover section), so the alternate input json should be ok
Here's the alternative input
{
"_index": "datasolutions-svc-live-7.7.0-2021.01",
"_type": "doc",
"_id": "Hre9SHcB1QIqYEnyxSCw",
"_version": 1,
"_score": null,
"_source": {
"exception": "System.Data.SqlClient.SqlException (0x80131904): blabla",
"agent": {
"hostname": "SATSVC3-DK1",
"name": "datasolutions-svc-live",
"id": "8c826ae1-e411-4257-a31f-08824dd58b5a",
"type": "filebeat",
"ephemeral_id": "e355bf8a-be67-4ed1-85f4-b9043674700e",
"version": "7.7.0"
},
"log": {
"file": {
"path": "D:\\logs\\7DaysRetention\\Iit.Det.Urm.MepsSubscriber\\Iit.Det.Urm.MepsSubscriber.log.20210128.log"
},
"offset": 17754757
},
"level": "ERROR",
"message": "Error while starting service.",
"#timestamp": "2021-02-17T10:00:28.343Z",
"ecs": {
"version": "1.5.0"
},
"host": {
"name": "datasolutions-svc-live"
},
"servicename": "Iit.Det.Urm.MepsSubscriber",
"codelocation": "Iit.Det.Urm.MepsSubscriber.MepsSubscriberService.OnStart:29"
},
"fields": {
"#timestamp": [
"2021-02-17T10:00:28.343Z"
]
},
"highlight": {
"servicename": [
"#kibana-highlighted-field#Iit.Det.Urm.MepsSubscriber#/kibana-highlighted-field#"
]
},
"sort": [
1611833128343
]
}
But when I run "simulate", I get the ctx.payload.total.hits as null because apparently it does not find any results. Result of the simulate-
{
"watch_id": "_inlined_",
"node": "eMS-E34eT4-zZhGwtPNSmw",
"state": "execution_not_needed",
"user": "sum",
"status": {
"state": {
"active": true,
"timestamp": "2021-02-17T10:57:04.077Z"
},
"last_checked": "2021-02-17T10:57:04.077Z",
"actions": {
"notify-slack": {
"ack": {
"timestamp": "2021-02-17T10:57:04.077Z",
"state": "awaits_successful_execution"
}
}
},
"execution_state": "execution_not_needed",
"version": -1
},
"trigger_event": {
"type": "manual",
"triggered_time": "2021-02-17T10:57:04.077Z",
"manual": {
"schedule": {
"scheduled_time": "2021-02-17T10:57:04.077Z"
}
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"datasolutions-svc-*"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"filter": [
{
"term": {
"level": {
"value": "ERROR"
}
}
},
{
"term": {
"servicename": [
"Iit.Det.Urm.MepsSubscriber"
]
}
},
{
"range": {
"#timestamp": {
"gte": "now-60m"
}
}
}
]
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"metadata": {
"name": "datasolutions-svc-mepssubscriber",
"xpack": {
"type": "json"
}
},
"result": {
"execution_time": "2021-02-17T10:57:04.077Z",
"execution_duration": 0,
"input": {
"type": "simple",
"status": "success",
"payload": {
"highlight": {
"servicename": [
"#kibana-highlighted-field#Iit.Det.Urm.MepsSubscriber#/kibana-highlighted-field#"
]
},
"_index": "datasolutions-svc-live-7.7.0-2021.01",
"_type": "doc",
"_source": {
"exception": "System.Data.SqlClient.SqlException (0x80131904): blabla",
"agent": {
"hostname": "SATSVC3-DK1",
"name": "datasolutions-svc-live",
"id": "8c826ae1-e411-4257-a31f-08824dd58b5a",
"type": "filebeat",
"ephemeral_id": "e355bf8a-be67-4ed1-85f4-b9043674700e",
"version": "7.7.0"
},
"#timestamp": "2021-02-17T10:00:28.343Z",
"ecs": {
"version": "1.5.0"
},
"log": {
"file": {
"path": "D:\\logs\\7DaysRetention\\Iit.Det.Urm.MepsSubscriber\\Iit.Det.Urm.MepsSubscriber.log.20210128.log"
},
"offset": 17754757
},
"level": "ERROR",
"host": {
"name": "datasolutions-svc-live"
},
"servicename": "Iit.Det.Urm.MepsSubscriber",
"message": "Error while starting service.",
"codelocation": "Iit.Det.Urm.MepsSubscriber.MepsSubscriberService.OnStart:29"
},
"_id": "Hre9SHcB1QIqYEnyxSCw",
"sort": [
1611833128343
],
"_score": null,
"fields": {
"#timestamp": [
"2021-02-17T10:00:28.343Z"
]
},
"_version": 1
}
},
"condition": {
"type": "compare",
"status": "success",
"met": false,
"compare": {
"resolved_values": {
"ctx.payload.hits.total": null
}
}
},
"actions": []
},
"messages": []
}
I am not sure what can't it find the results. Can someone tell me what is it that I am doing wrong?
I was able to solve it using the "inspect" section of discover page of the index.
Finally my input for the watcher query had to be changed to
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"datasolutions-svc-*"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"servicename": "Iit.Det.Urm.MepsSubscriber"
}
}
],
"minimum_should_match": 1
}
},
{
"match_phrase": {
"level": "ERROR"
}
},
{
"range": {
"#timestamp": {
"gte": "now-10m",
"format": "strict_date_optional_time"
}
}
}
],
"should": [],
"must_not": []
}
}
}
}
}
}
I'm trying to use total hit count with the bucket_script aggregation as sub aggregation of terms aggregation. Any suggestions are welcome.
I also tried value_count and terms aggregation on the package id field. But it also didn't work.
ES version: 6.7.1
Mapping:
PUT /packages/_mapping/_doc
{
"properties": {
"items": {
"type": "nested"
}
}
}
Example document:
{
"id": 1,
"name": "Lorem",
"items": [
{
"infos": {
"available": true
},
"item": {
"id": 1,
"meta": false,
"name": "Ipsum"
}
},
{
"infos": {
"available": false
},
"item": {
"id": 2,
"meta": false,
"name": "Ipsum 2"
}
},
{
"infos": {
"available": false
},
"item": {
"id": 3,
"meta": false,
"name": "Ipsum 3"
}
}
]
}
My aggregation query:
GET /packages/_search
{
"query": { "match_all": {} },
"size": 0,
"aggs": {
"items": {
"nested": {
"path": "items"
},
"aggs": {
"non_meta": {
"filter": {
"term": {
"items.item.meta": false
}
},
"aggs": {
"item": {
"terms": {
"field": "items.item.id"
},
"aggs": {
"total_count": { <--------------------- **I want to get total document count here, but I can only reach `doc_count` for docs that includes items**
"reverse_nested": {}
},
"available_count": {
"sum": {
"script": {
"source": "doc['items.infos.available'].value == true ? 1 : 0"
}
}
},
"penetration": {
"bucket_script": {
"buckets_path": {
"available": "available_count",
"total": "total_count>_count"
},
"script": "params.available / params.total * 100"
}
}
}
}
}
}
}
}
}
}
I am planning to store million of airbnb type apartments availabilty in elasticsearch .
Where availabilty is an array that contains nested objects (availability type is nested).
And each of those objects have date range, in which that apartment is available.
apartments = [
{
"_id": "kjty873yhekrg789e7r0n87e",
"first_available_date": "2016-06-21",
"availability": [
{
"start": "2016-06-21",
"end": "2016-08-01"
},
{
"start": "2016-08-20",
"end": "2016-08-28"
},
{
"start": "2016-10-03",
"end": "2016-11-02"
},
{ //This means it is available only for one day.
"start": "2016-11-13",
"end": "2016-11-13"
},
{
"start": "2016-11-28",
"end": "2017-01-14"
}
],
"apartment_metadata1": 56456,
"apartment_metadata2": 8989,
"status": "active"
},
{
"_id": "hgk87783iii86937jh",
"first_available_date": "2016-06-09",
"availability": [
{
"start": "2016-06-09",
"end": "2016-07-02"
},
{
"start": "2016-07-21",
"end": "2016-12-19"
},
{
"start": "2016-12-12",
"end": "2017-07-02"
}
],
"apartment_metadata1": 23534,
"apartment_metadata2": 24377,
"status": "active"
}
]
I would want to search apartments those are available for a specific date range (say 2016-08-20 to 2016-12-12). And that
range should fall inside one of the availability date ranges of various apartments.
So I want to write a query, something like:
{
"query": {
"bool": {
"must": [
{
"range": { "first_available_date": {"lte": "2016-08-20"} },
"match": { "status": "active" }
}
]
},
"filter": [
{
"range":
{
"apartments.availability.start": {"gte": "2016-08-20"},
"apartments.availability.end": {"lte": "2016-12-12"}
}
}
]
}
}
}
And above query will return me both apartments (with MULTIPLE availability objects matching the condition),
and that is incorrect, it should only return document with _id: hgk87783iii86937jh as there is EXACTLY one availability object matches the creiteria and that is {"start": "2016-07-21", "end": "2016-12-19"}. So in order to have correct result, the condition should be - there should be EXACTLY one availability object in apartment doc
that should match the condition. So how to enforce that there should be EXACTLY one match in the above query? Second question - is my query even correct?
Using nested query should allow you to achieve the above.
Use inner-hits to get the availability-block that matched.
Below is an example to implement this:
Create Index
put testindex
{
"mappings": {
"data" : {
"properties": {
"availability" : {
"type": "nested"
}
}
}
}
}
Index Data:
put testindex/data/1
{
"first_available_date": "2016-06-21",
"availability": [
{
"start": "2016-06-21",
"end": "2016-08-01"
},
{
"start": "2016-08-20",
"end": "2016-08-28"
},
{
"start": "2016-10-03",
"end": "2016-11-02"
},
{
"start": "2016-11-13",
"end": "2016-11-13"
},
{
"start": "2016-11-28",
"end": "2017-01-14"
},
{
"start": "2016-07-21",
"end": "2016-12-19"
}
],
"apartment_metadata1": 4234,
"apartment_metadata2": 687878,
"status": "active"
}
Query:
post testindex/data/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"first_available_date": {
"lte": "2016-08-20"
}
}
},
{
"match": {
"status": "active"
}
}
],
"filter": [
{
"nested": {
"path": "availability",
"query": {
"bool": {
"must": [
{
"range": {
"availability.start": {
"lte": "2016-08-20"
}
}
},
{
"range": {
"availability.end": {
"gte": "2016-12-12"
}
}
}
]
}
},
"inner_hits": {}
}
}
]
}
}
}
Results:
"hits": {
"total": 1,
"max_score": 1.4142135,
"hits": [
{
"_index": "testindex",
"_type": "data",
"_id": "1",
"_score": 1.4142135,
"_source": {
"first_available_date": "2016-06-21",
"availability": [
{
"start": "2016-06-21",
"end": "2016-08-01"
},
{
"start": "2016-08-20",
"end": "2016-08-28"
},
{
"start": "2016-10-03",
"end": "2016-11-02"
},
{
"start": "2016-11-13",
"end": "2016-11-13"
},
{
"start": "2016-11-28",
"end": "2017-01-14"
},
{
"start": "2016-07-21",
"end": "2016-12-19"
}
],
"apartment_metadata1": 4234,
"apartment_metadata2": 687878,
"status": "active"
},
"inner_hits": {
"availability": {
"hits": {
"total": 1,
"max_score": 1.4142135,
"hits": [
{
"_index": "testindex",
"_type": "data",
"_id": "1",
"_nested": {
"field": "availability",
"offset": 5
},
"_score": 1.4142135,
"_source": {
"start": "2016-07-21",
"end": "2016-12-19"
}
}
]
}
}
}
}
]
}
I have documents which look like this (here is example):
{
"user": "xyz",
"state": "FINISHED",
"finishedTime": 1465566467161,
"jobCounters": {
"counterGroup": [
{
"counterGroupName": "org.apache.hadoop.mapreduce.FileSystemCounter",
"counter": [
{
"name": "FILE_BYTES_READ",
"mapCounterValue": 206509212380,
"totalCounterValue": 423273933523,
"reduceCounterValue": 216764721143
},
{
"name": "FILE_BYTES_WRITTEN",
"mapCounterValue": 442799895522,
"totalCounterValue": 659742824735,
"reduceCounterValue": 216942929213
},
{
"name": "HDFS_BYTES_READ",
"mapCounterValue": 207913352565,
"totalCounterValue": 207913352565,
"reduceCounterValue": 0
},
{
"name": "HDFS_BYTES_WRITTEN",
"mapCounterValue": 0,
"totalCounterValue": 89846725044,
"reduceCounterValue": 89846725044
}
]
},
{
"counterGroupName": "org.apache.hadoop.mapreduce.JobCounter",
"counter": [
{
"name": "TOTAL_LAUNCHED_MAPS",
"mapCounterValue": 0,
"totalCounterValue": 13394,
"reduceCounterValue": 0
},
{
"name": "TOTAL_LAUNCHED_REDUCES",
"mapCounterValue": 0,
"totalCounterValue": 720,
"reduceCounterValue": 0
}
]
}
]
}
}
Now I want to sort this data to get TOP 15 documents on the basis of totalCounterValue where counter.name is FILE_BYTES_READ. I have tried nested sorting on this but no matter which key name I write in counter.name, it is always sorting on the basis of HDFS_BYTES_READ. Can anyone please help me with my query.
{
"_source": true,
"size": 15,
"query": {
"bool": {
"must": [
{
"term": {
"state": {
"value": "FINISHED"
}
}
},
{
"range": {
"startedTime": {
"gte": "now - 4d",
"lte": "now"
}
}
}
]
}
},
"sort": [
{
"jobCounters.counterGroup.counter.totalCounterValue": {
"order": "desc",
"nested_path": "jobCounters.counterGroup",
"nested_filter": {
"nested": {
"path": "jobCounters.counterGroup.counter",
"filter": {
"term": {
"jobCounters.counterGroup.counter.name": "file_bytes_read"
}
}
}
}
}
}
]}
This is the mapping for jobCounters we have created:
"jobCounters": {
"type": "nested",
"include_in_parent": true,
"properties" : {
"counterGroup": {
"type": "nested",
"include_in_parent": true,
"properties": {
"counterGroupName": {
"type": "string",
"fields": {
"raw": {
"type": "string",
"index": "not_analyzed"
}
}
},
"counter" : {
"type": "nested",
"include_in_parent": true,
"properties": {
"reduceCounterValue": {
"type": "long"
},
"name": {
"type": "string",
"analyzer": "english",
"fields": {
"raw": {
"type": "string",
"index": "not_analyzed"
}
}
},
"totalCounterValue": {
"type": "long"
},
"mapCounterValue": {
"type": "long"
}
}
}
}
}
}
}
I followed nested sorting documentation of ElasticSearch and came up with this query, but I don't know why it is always sorting the totalCounterValue of HDFS_BYTES_READ irrespective of jobCounters.counterGroup.counter.name's value.
you can try something like this,
curl -XGET 'http://localhost:9200/index/jobCounters/_search' -d '
{
"size": 15,
"query": {
"nested": {
"path": "jobCounters.counterGroup.counter",
"filter": {
"term": {
"jobCounters.counterGroup.counter.name": "file_bytes_read"
}
}
}
},
"sort": [
{
"jobCounters.counterGroup.counter.totalCounterValue": {
"order": "desc",
"nested_path": "jobCounters.counterGroup",
"nested_filter": {
"nested": {
"path": "jobCounters.counterGroup.counter",
"filter": {
"term": {
"jobCounters.counterGroup.counter.name": "file_bytes_read"
}
}
}
}
}
}
]
}
'
Read the end of this document. It explains that we have to repeat the same query in nested_filter too.
I have a mapping like this
{
"experience": {
"type": "nested",
"properties": {
"end": {
"type": "string"
},
"organization": {
"type": "nested",
"properties": {
"details": {
"type": "string"
},
"name": {
"type": "string"
}
}
}
}
}
}
Now I want to make a query like this:
{
"nested": {
"path": "experience",
"query": {
"bool": {
"must": [{
"match": {
"experience.organization.name": {
"query": company_name,
"operator": "and"
}
}
}, {
"match": {
"experience.end": "Present"
}
}]
}
}
}
}
The above query is not returning any results, is this the correct way to index and query the above scenario?
I am confused about what should be the value of the path variable since organisation.name and end are not at the same level.
Here is a complete working sample with your code:
PUT index1/test1/_mapping
{
"test1": {
"properties": {
"experience": {
"type": "nested",
"properties": {
"end": {
"type": "string"
},
"organization": {
"type": "nested",
"properties": {
"details": {
"type": "string"
},
"name": {
"type": "string"
}
}
}
}
}
}
}
}
POST index1/test1
{
"experience": {
"end": "Present",
"organization": {
"name": "org1",
"details": "some details here"
}
}
}
GET index1/test1/_search
{
"query": {
"nested": {
"path": "experience",
"query": {
"bool": {
"must": [
{
"match": {
"end": "present"
}
},
{
"nested": {
"path": "experience.organization",
"query": {
"match": {
"name": "org1"
}
}
}
}
]
}
}
}
}
}
That being said, you have a double nested object here which you will probably find will work against you in the long run. I would consider flattening the data so that the nested is not necessary.