How to use 'terms' for search array parameter Elasticsearch - elasticsearch

I have tried this in Elasticsearch 6.x, but got no result.
PUT suciptox
{
  "mappings": {
    "data": {
      "properties": {
        "time_format": { "type": "date" },
        "fieldx": { "type": "text", "fielddata": true, "index": "not_analyzed" }
      }
    }
  }
}
Get query
"query": {
  "terms": {
    "fieldx": [ "L333", "xxxx" ]
  }
}

According to the mapping which you provided, there is a field data which is an object type and has another field called fieldx.
So your query should be like:
{
  "query": {
    "terms": {
      "data.fieldx": ["L333", "xxxx"]
    }
  }
}

Related

Doing aggregation on object in Elasticsearch

I would like to do an aggregation on one of the object types but I couldn't make it work. I created a mapping from dynamic_templates because my object is a dictionary and the key is a list of constants. Here are my object, mapping and aggregate query. I can't even access the indexed field with a must->exists query.
Document
{
  "property": {
    "innerProperty": {
      "constantKey": {
        "someArrays": [
          {
            "id": "12345"
          }
        ]
      }
    }
  }
}
Mapping
{
  "dynamic_templates": [
    {
      "property_map": {
        "path_match": "property.innerProperty.*",
        "mapping": {
          "type": "object",
          "dynamic": false
        }
      }
    }
  ]
}
Mapping result after adding a document
"property": {
  "properties": {
    "innerProperty": {
      "properties": {
        "constantKey": {
          "type": "object",
          "dynamic": "false"
        }
      }
    }
  }
}
Aggregation
GET /index/_search
{
  "query": {
    "bool": {
      "must": {
        "exists": {
          "field": "property.innerProperty.constantKey"
        }
      }
    }
  }
}
Query
GET /index/_search
{
  "aggs": {
    "property-agg": {
      "terms": {
        "field": "property.innerProperty.constantKey"
      }
    }
  },
  "size": 0
}
Both of them aren't working. I would like to do an aggregation by constantKey so that I would get the correct document count to make the facets work.

Partially matches the requirement in elastic-search query

I am trying to retrieve data from Elasticsearch based on 2 conditions: it should match the jarFileName and dependentClassName. The query runs fine with jarFileName but it matches dependentClassName partially.
This is the query I used:
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "dependencies.dependedntClass": "java/lang/String"
          }
        },
        {
          "match": {
            "JarFileName": {
              "query": "Client.jar"
            }
          }
        }
      ]
    }
  }
}
The query fully matches the jarFileName, but for the dependentClassName it even matched and returned any part of the value mentioned. For example, if I used java/lang/String, it returns any type that has java or lang or String in its dependentClassName. I think it's because of the "/". How can I correct this?
EDIT
I used this query for mapping,
{
  "classdata": {
    "properties": {
      "dependencies": {
        "type": "object",
        "properties": {
          "dependedntClass": {
            "type": "string",
            "index": "not_analyzed"
          }
        }
      }
    }
  }
}

You can set the index of dependencies.dependedntClass to not_analyzed so that your given string will not be analyzed with the standard analyzer. If you are using ES 2.x then the below mapping should work fine.
PUT /your_index
{
  "mappings": {
    "your_type": {
      "properties": {
        "dependencies": {
          "type": "string",
          "fields": {
            "dependedntClass": {
              "type": "string",
              "index": "not_analyzed"
            }
          }
        }
      }
    }
  }
}
Then, your query should also work fine.
EDIT (if dependencies field is of nested type)
If your dependencies field is of nested or array type, then change the mapping like this:
POST /your_index
{
  "mappings": {
    "your_type": {
      "properties": {
        "dependencies": {
          "type": "nested",
          "properties": {
            "dependedntClass": {
              "type": "string",
              "index": "not_analyzed"
            }
          }
        }
      }
    }
  }
}
And the query should be changed like below:
GET /your_index/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "nested": {
            "path": "dependencies",
            "query": {
              "match": {
                "dependencies.dependedntClass": "java/lang/String"
              }
            }
          }
        },
        {
          "match": {
            "JarFileName": {
              "query": "Client.jar"
            }
          }
        }
      ]
    }
  }
}

Elasticsearch: Filter documents with empty geo_point value

I am trying to query an elasticsearch index for documents with an empty geo_point field. The field exists but it's blank (example below). A query which works for filtering string fields does not work for geo_point fields.
Document:
"_source": {
  "latitudeLongitude": "",
  "pickupLocationZipcode": "",
}
Query that works for filtering string fields but not geo_point fields:
{
  "query": {
    "filtered": {
      "filter": {
        "term": {
          "latitudeLongitude": ""
        }
      }
    }
  }
}
Mapping:
"latitudeLongitude": {
  "type": "geo_point"
},
"pickupLocationZipcode": {
  "index": "not_analyzed",
  "type": "string",
  "copy_to": [
    "pickup_location_zipcode"
  ]
}

You can use the missing query for this and it will find your document:
{
  "query": {
    "filtered": {
      "filter": {
        "missing": {
          "field": "latitudeLongitude",
          "existence": false,
          "null_value": true
        }
      }
    }
  }
}

ElasticSearch query filter not working

My intent is to fetch records matching a specified date range and uuid (Unique User ID). The query seems to fail:
If I try the same query with username then it works.
I suspected the : character in the search string and tried escaping it with a \ but it still didn't work.
What could be the problem?
The mappings are:
{
  "top_flows": {
    "mappings": {
      "top flows": {
        "properties": {
          "name": {
            "type": "string"
          },
          "postDate": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "uuid": {
            "type": "string"
          }
        }
      }
    }
  }
}
The JSON document being added into elasticsearch is:
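import time
from datetime import datetime

# Build the timestamp first; the document below references timestamp_str.
timestamp = time.time()
timestamp_str = datetime.fromtimestamp(timestamp).strftime('%Y-%m-%dT%H:%M:%S')
doc = {
    'postDate': timestamp_str,
    'uuid': uuid,
    'name': 'sam'
}
# Index the document, using the integer timestamp as its id.
res = self.__eshandle.index(index="top_flows", doc_type='top flows', id=int(timestamp), body=doc)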

A possible problem is that you did not turn off analysis on the term field in the mapping.
Put mapping
PUT /top_flows
{
  "mappings": {
    "users": {
      "properties": {
        "uuid": {
          "type": "string",
          "index": "not_analyzed"
        }
      }
    }
  }
}
Save document
POST /top_flows/blogpost
{
  "uuid": "FF:FF:FF:FF"
}
Search
POST /top_flows/_search
{
  "query": {
    "match_all": {}
  },
  "post_filter": {
    "term": {
      "uuid": "FF:FF:FF:FF"
    }
  }
}

The below finally worked out!
GET /top_flows/_search
{
  "query": {
    "range": {
      "postDate": {
        "from": "now-5m",
        "to": "now"
      }
    }
  },
  "filter": {
    "query_string": {
      "query": "FF\\:FF\\:FF\\:FF\\:FF\\:FF\\:FF\\:FF\\:FF\\:FF\\:FF\\:11\\:8F\\:FF\\:FF\\:FF",
      "fields": ["uuid"]
    }
  }
}
Still not sure why the earlier approaches failed :(
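
The colon escaping used in the last request above, generalised to the other query_string operator characters, next to the term filter from the first reply; this is an added example, not code from the original posts. The names escape_query_string and uuid_bodies are hypothetical, the sample values are constructed, and the term variant assumes uuid is mapped not_analyzed.

```python
import json
import re

# Characters with operator meaning in query_string syntax. '<' and '>'
# cannot be escaped at all, so they are dropped instead.
_RESERVED = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/])')


def escape_query_string(value):
    """Backslash-escape query_string operators so value is searched literally.

    The word operators AND, OR and NOT are not characters and are left alone.
    """
    return _RESERVED.sub(r"\\\1", value.replace("<", "").replace(">", ""))


def uuid_bodies(uuid):
    """Return (query_string body, term body) for one uuid; hypothetical helper."""
    date_range = {"range": {"postDate": {"from": "now-5m", "to": "now"}}}
    # Same shape as the request above that finally worked.
    analysed = {
        "query": date_range,
        "filter": {"query_string": {"query": escape_query_string(uuid),
                                    "fields": ["uuid"]}},
    }
    # With uuid mapped not_analyzed, a term filter takes the raw value and
    # never parses it as query syntax, so nothing needs escaping.
    exact = {"query": date_range, "filter": {"term": {"uuid": uuid}}}
    return analysed, exact


if __name__ == "__main__":
    # Constructed sample values, not taken from a real index.
    for sample in ("FF:FF:11:8F", 'a" OR name:*'):
        qs_body, term_body = uuid_bodies(sample)
        # json.dumps doubles each backslash, which is why the request above
        # shows "\\:" where the query parser receives "\:".
        print(json.dumps(qs_body["filter"]))
        print(json.dumps(term_body["filter"]))
```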

Elasticsearch Aggregation - Unable to perform aggregation to object

I have a mapping with an inner object as follows:
{
  "mappings": {
    "_all": {
      "enabled": false
    },
    "properties": {
      "foo": {
        "name": {
          "type": "string",
          "index": "not_analyzed"
        },
        "address": {
          "type": "object",
          "properties": {
            "address": {
              "type": "string"
            },
            "city": {
              "type": "string",
              "index": "not_analyzed"
            }
          }
        }
      }
    }
  }
}
When I try the following aggregation it does not return any data:
post data:*/foo/_search?search_type=count
{
  "query": {
    "match_all": {}
  },
  "aggs": {
    "unique": {
      "cardinality": {
        "field": "address.city"
      }
    }
  }
}
When I put the field as city or address.city, the aggregation returns zero, but if I put foo.address.city, that is when I get the correct response from Elasticsearch. This also affects Kibana behavior.
Any ideas why this is happening? I saw there is a mapping refactoring that might affect this. I use Elasticsearch version 1.7.1.
To add to this, if I use the relative path in a search query as follows, it works normally:
"query": {
  "filtered": {
    "filter": {
      "term": {
        "address.city": "london"
      }
    }
  }
}

Seems it's this same issue.
This is seen when the type name and field name are the same.
