I was wondering if there is a search query using the elasticsearch DSL for finding all the values except some that satisfy a certain condition on a dateOptionalTime field in the database.
The equivalent SQL query would be:
select * from index
where (not (date="0001-01-01T00:00:00+03:30"))
and (domain="somthing.com");
Yes, you can use bool/must_not to achieve this:
{
"query": {
"bool": {
"filter": {
"term": {
"domain": "something.com"
}
},
"must_not": {
"term": {
"date": "0001-01-01T00:00:00+03:30"
}
}
}
}
}
Related
I'm trying to write a query in ElasticSearch where I combine multi_match with filter for an id or a number og ids.
This is what i have so far:
{
"query": {
"bool": {
"must": {
"multi_match": {
"query": "Kasper",
"fields": ["name", "first_name", "last_name"]
}
},
"filter": {
"term": {
"user_id": "ea7528f0-1b8a-11e8-a492-13e39bbd17cb"
}
}
}
}
}
The "must" part of the query works perfectly, and when I run it alone, I get two results.
When I pick out the "user_id" from one of the two results and adds the "filter" part of the query with that id, I get nothing.
What I really want to do is have something like in SQL where user_id in ('id1', 'id2'), so the filtering would be something like:
...,
"filter": {
"terms": {
"user_id": ["ea7528f0-1b8a-11e8-a492-13e39bbd17cb"]
}
}
Did I misunderstand something here?
I'm guessing that this is because user_id field is treated as a text and is analyzed. You should use keyword type in this situation (you need just change the mapping of user_id field.
Another way (if you are on Elasticsearch 5+) you can search in keyword subfield. Just try use below query:
{
"query": {
"bool": {
"must": {
"multi_match": {
"query": "Kasper",
"fields": ["name", "first_name", "last_name"]
}
},
"filter": {
"term": {
"user_id.keyword": "ea7528f0-1b8a-11e8-a492-13e39bbd17cb"
}
}
}
}
}
I only changed "user_id" to "user_id.keyword" in your query.
I currently search my data for exact matches on one term like this:
{
"query": {
"bool": {
"must": [
{
"term": {
"term_a": "xxxxx"
}
}
]
}
}
}
However, I want to be able to search on multiple terms and get all documents that match at least one. So in SQL speak term_a = 'xxxxx' or term_b = 'yyyyy'. How can I do this?
Then you can use a bool with should statements for each term:
"bool": {
"should": [
{
"term": {
"term_a": "xxxxx"
}
},
{
"term": {
"term_b": "yyyyy"
}
}
]
}
If you want to search multiple terms in the same field then you can use a terms query.
I have a requirement where I need to return only those records whose comments donot start with a String. PFB the query and this approach is not working. Need help
{
"size": 0,
"fields": ["id","comment"],
"query": {
"bool": {
"must_not": [
{
"wildcard": {
"comment":
"AG//*"
}
}
]
}
}
}
First, you should remove the "size": 0 from your query (or set the required size) to see the results.
Now, the best way to implement 'Starts with' in elasticsearch is by using the Prefix Query as follows:
{
"fields": ["id", "comment"],
"query": {
"bool": {
"must_not": [
{
"prefix": {
"comment": "AG" <-- No need for any wildcards
}
}
]
}
}
}
Note: The Prefix Query and Wildcard Query makes sense only on not_analyzed fields, so make sure your "comment" field has the same mapping.
I have a query to search for a provider_id from the Elastic Search Cluster. I am using the below query to get results for a single provider_id but need help in figuring out how can I pass a list of providers.
{
"query": {
"bool": {
"must": [{
"match": {
"message.provider_id": {
"query": 943523,
"type": "phrase"
}
}
}]
}
}
}
Suppose I want to search for provider_ids = [913523, 923523, 923523, 933523, 953523] then how should I modify the query?
You could index the provider_id as not_analyzed and then use a terms query:
POST /test_index/_search
{
"query": {
"terms": {
"message.provider_id": [
"913523", "923523", "923523", "933523", "953523"
]
}
}
}
or as a bool query with a filter if you are not going to need the score:
POST /test_index/_search
{
"query": {
"bool": {
"filter": [
{
"terms": {
"message.provider_id": [
"913523", "923523", "923523", "933523", "953523"
]
}
}
]
}
}
}
I am using Elasticsearch I want to write a query for getting unique record on the basis of query and group:
SELECT * from users where name='%john%', age='21', location='New York' group by name
Could you please let me know how to write the query in elasticsearch with query.
It would go something like this. You need a filtered query with a query_string in the query part to match *john* and then two filters in the filter part to match the age and the location. Finally, the grouping is achieved using a terms aggregation.
{
"query": {
"query": {
"query_string": {
"query": "*john*",
"default_field": "name"
}
},
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"age": 21
}
},
{
"term": {
"location": "New York"
}
}
]
}
}
}
},
"aggs": {
"group_by_name": {
"terms": {
"field": "name"
}
}
}
}