I have to return an elasticsearch query in my code (Golang using olivere's elastic v.5 library) and if a particular condition occurs, I want to be able to pass in a query that will take minimal time and always return null. Is there a standard way to do this? I tried using a Term query with empty strings as parameters:
elastic.NewTermQuery("", "")
But this doesn't seem to be a valid query. Is there a good way to do this?
If by "always return null" you mean match nothing:
{
"bool": {
"must_not": {
"match_all": {}
}
}
}
I'm sure match_all is implemented very efficiently.
Related
The following query is not working when "metadata.name" has "-" in the text like "demo-application-child3" . But if I remove "-" and make the query to "demoapplicationchild3". It works. The same with other field metadata.version. I've the data for both demoapplicationchild3 and demo-application-child3. suggestions please.
{
"query": {
"bool": {
"filter": [
{"term": { "metadata.name": "demo-application-child3" }},
{"term": { "metadata.version": "00.00.100" }}]
}
}
}
term queries are not analyzed see the official doc which clearly mention this
Returns documents that contain an exact term in a provided field.
Which clearly means that index time you are using some custom analyzer which is removing - and joining the tokens ie for demo-application-child3 your custom analyzer would be generating demoapplicationchild3 token, which you can easily confirm using the Analyze api.
If you want to get result either change term query to match query or use the .keyword suffix with your field if mappping is generated dynamically or create another field which is of type keyword which uses no-op analyzer.
This seemingly simple task is not well-documented in the ElasticSearch documentation:
We have an ElasticSearch instance with an index that has a field in it called sourceId. What API call would I make to first, GET all documents with 100 in the sourceId field (to verify the results before deletion) and then to DELETE same documents?
You probably need to make two API calls here. First to view the count of documents, second one to perform the deletion.
Query would be the same, however the end points are different. Also I'm assuming the sourceId would be of type keyword
Query to Verify
POST <your_index_name>/_search
{
"size": 0,
"query": {
"term": {
"sourceId": "100"
}
}
}
Execute the above Term Query and take a note at the hits.total of the response.
Remove the "size":0 in the above query if you want to view the entire documents as response.
Once you have the details, you can go ahead and perform the deletion using the same query as shown in the below query, notice the endpoint though.
Query to Delete
POST <your_index_name>/_delete_by_query
{
"query": {
"term": {
"sourceId": "100"
}
}
}
Once you execute the Deletion By Query, notice the deleted field in the response. It must show you the same number.
I've used term queries however you can also make use of any Match or any complex Bool Query. Just make sure that the query is correct.
Hope it helps!
POST /my_index/_delete_by_query?conflicts=proceed&pretty
{
"query": {
"match_all": {}
}
}
Delete all the documents of an index without deleting the mapping and settings:
See: https://opster.com/guides/elasticsearch/search-apis/elasticsearch-delete-by-query/
My query for matching multiple words is as following,
{"query":
{"bool":{"must":[{"terms":{"my_field":"word1 word2"}}]}
upon execution, the result set is empty though data exists for the following query.
Instead of above query, if I use
{"bool":{"must":[{"terms":{"my_field":"word1"}}]}
then elastic-search is returning data.
How to match the complete sentence?
Based on your comment on the above answer, I believe you should simply use two term queries inside your must query array.
{
"query":
{ "bool" :
{
"must":[
{"term":{"my_field": "word1" } },
{"term":{"my_field": "word2" } }
]
}
}
}
you can try to put the words in an array and see if it works.
Like this:
{"query": {"bool":{"must":[{"terms":{"my_field":["word1", "word2"]}}]}
here is the documentation: https://www.elastic.co/guide/en/elasticsearch/guide/current/_finding_multiple_exact_values.html
Hope it works =)
When I call this URL:
http://192.168.x.x:9200/identities/work/_search?q=joh*
ES is returning a limited (5) set of matches, starting with some indexes of people names John and Johnny etc. That seems to be the correct result.
But when I send this JSON to ES:
{
"query": {
"match": {
"_all": "joh*"
}
}
}
I get results that I can't even logically explain. Seems rather random, and a lot of indexes too (hundreds, not a lot of johns and johnny's either ;))
Is this not the equivalent of the URL mentioned above? What am I doing wrong?
When you call the following URL, what ES does implicitly is to create a query_string query not a match query
http://192.168.x.x:9200/identities/work/_search?q=joh*
So the equivalent JSON query would be:
{
"query": {
"query_string": {
"query": "joh*"
}
}
}
Moreover, match queries do not handle wildcards as in joh*, the * is considered and matched as a real character, not as a wildcard.
I've inserted a record in ElasticSearch an I can see that here:
But this query returns nothing:
{
"query": {
"filtered": {
"query": {
"bool": {
"must": {
"term": {
"name": "Ehsanl"
}
}
}
}
}
}
}
I post this query using post method to this user: http://127.0.0.1:9200/mydb/customers2/_search
What's wrong with that?
Try giving the name as "ehsanl". All in lower case.
What you see on your screenshot is the original document as you indexed it (_source field).
However, by default, string fields are analyzed (see this answer for more detail about analysis).
Using standard analyzer, your name value should have been lowercased to ehsanl and stored this way in the index : term queries search for the exact value Ehsanl in the index, which doesn't exist.
You can either :
use ehsanl value with term query
use Ehsanl value with a match query, which will apply the same analyzer before to search.