Elastic Search - Query with dynamic object and wildcard - elasticsearch

I have data in the following format:
{ "_id":1,
"s_id":121211,
"data_detail":{
"name":"John",
"phone_number":08089320xxx,
"city":"ABC"
}
}
I need to search data through elastic search which will query where s_id=? and any text which is available in data_detail object. Example s_id=121211 AND ABC. I need wildcard on data_detail object.
Keys for the data_detail object is not fixed.
Thanks in advance.


I would consider using a bool query with multi_match and term query like this. I haven't tested this, but something on these lines should work I guess.
GET test_index/_search
{
"query": {
"nested": {
"path": "data_detail",
"query": {
"bool": {
"must": [
{
"multi_match": {
"query": "ABC",
"fields": [
"data_detail.*"
]
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}
}
}


Solved this by using the following query:
{
"query": {
"bool": {
"must": [
{
"query_string":{
"fields":["data_detail.*"],
"query": "*str*",
"analyze_wildcard":true
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}

Related

Why query DSL select doc which not include field?

Dears,
I need your advice/explanation.
This is my query which select document from index which not include field f1.rc. I don't understand why.
What is wrong in below query? Any idea?
In my opinion this query should select documents that meet both conditions f1.rc and f1.mti. I'm confused.
GET /index-2022.04.14/_search?size=100&pretty=true
{
"query": {
"bool": {
"must": [
{
"match": {
"f1.iface.keyword":"MOSS"
}
},
{
"query_string": {
"query": "(server01\\.domain\\.com) OR (server02\\.comain\\.com)",
"default_field": "agent.hostname",
"default_operator": "AND"
}
},
{
"term": {
"log.file.path.keyword": {
"value": "/apps/myapp1/log/cssf1.log"
}
}
},
{
"query_string": {
"query": "(f1.rc:/[0]\\d{2}/ and f1.mti:/\\[1][12][13579]\\d/) "
}
},
{
"range": {"#timestamp": {"gt": "2022-04-14T15:08:50","lte": "2022-04-14T15:08:51"}}
}
]
}
}
}
}
Best Regards,
Dan

How to search with only raw query JSON with Elastic Java API 6.5.1?

How can I take the raw JSON String and query via the Java API? It should
work for any complex query that Curl accepts in Elastic.
For example:
{
"query": {
"bool": {
"must": [
{
"match_phrase": {
"name": "<name>"
}
},
{
"match": {
"address": {
"query": "<address>",
"fuzziness": 1,
"prefix_length": 1,
"operator": "or",
"minimum_should_match": "80%"
}
}
},
{
"match_phrase": {
"city_nm": "<city_nm>"
}
},
{
"term": {
"state_province_cd": "<state_province_cd>"
}
}
]
}
}
}
I tried Query Builders' simpleQueryStringQuery method to achieve this but it creates the query which doesn't give a correct result.
For Example, to search a record using just name, this is the query which simpleQueryStringQuery is generating but instead of returning just one record it returns multiple records.
{
"query": {
"simple_query_string": {
"query": """{"query":{"bool":{"must":[{"match_phrase":{"name":"Neeraj"}}]}}}"""
}
}
}
whereas if I run the same query like this in my Kibana console that returns the correct number of results.
{
"query": {
"bool": {
"must": [
{
"match_phrase": {
"name": "Jaas"
}
}
]
}
}
}

ElasticSearch multiple string to search with wildcard query

I'm trying to have multiple wildcard query match in my elasticsearch query in Kibana. I can't quite figure it out.
Basically I want any document with an attribute type="erreur"
and I want to exclude all documents that match the strings "An established*" or "java.lang.*" on the field descr_courte
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"wildcard": {
"descr_courte": ["An established*", "java.lang.*"]
}
}
}
}
}
if I put a single wildcard query it works fine
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"wildcard": {
"descr_courte":
"An established*"
}
}
}
}
}
the error I get:
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Can't get text on a START_ARRAY at 1:454"}],"type":"search_phase_execution_exception","reason":"all shards
Any idea?

Try putting them is separate clauses.
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
},
"must_not": [
{
"wildcard": {
"descr_courte": "An established*"
}
},
{
"wildcard": {
"descr_courte": "java.lang.*"
}
}
]
}
}
}
}

My guess is that you can't make an array for wildcard query like ["An established*", "java.lang.*"], so you need to:
{
"query": {
"{
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"regexp": {
"descr_courte": "(An established|java\.lang\.).*"
}
}
}
}
}
More info about regexp query in https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-regexp-query.html
Another option is to combine your query terms with the logical operators NOT, AND and OR in the query string
{
"query": {
"query_string" : {
"query" : "type:erreur AND NOT(descr_courte:An established* OR descr_courte:java.lang.*)"
}
}
}
See more info at https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_wildcards

How to implement the following condition in elasticsearch query?

I have an index with some documents having a field named "access_type" . It can have 2 values, either "faculty" or "students".
For the documents with "faculty" as the value for "access_type", there will be another field called "faculties" which is a list of faculty name.
So an example document would look like below:
{
"access_type": "faculty",
"faculties": [
"facultyId1",
"facultyId2",
"facultyId3"
]
}
Now if we have two inputs say one is for the access_type and another is for the faculties.
If I get the following input "faculty" and "facultyId4" . First I need to filter out all the documents matching the access type "faculty" and then in the resulting results the "facuultyId4" should search against the field "faculties". Since the "facultyId4" is not in the above document,it should not be considered a hit.
How can I implement this as an elasticsearch query?

POST http://your.elastic.host:9200/index/type/_search
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": [
{
"term": {
"access_type": "faculty"
}
},
{
"term": {
"faculties": "facultyId4"
}
}
]
}
}
}
}
}

Hope this will for work.
GET index/type/_search
{
"query": {
"filtered": {
"filter": {
"and": {
"filters": [
{
"query": {
"match": {
"access_type": "faculty"
}
}
},
{
"query": {
"match": {
"faculties": "facultyId4"
}
}
}
]
}
}
}
}
}

NOT condition in elasticsearch

I am trying to implement NOT condition in elasticsearch query.
Can I Implement filter inside bool or I need to write separate
filter as below. Any optimum solution is there?
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "fashion"
}
},
{
"term": {
"post_status": "publish"
}
}
]
}
},
"filter": {
"not": {
"filter": {
"term": {
"post_type": "page"
}
}
}
}
}

You can use a must_not clause:
{
"query": {
"bool": {
"must": [
{
"match": {
"_all": "fashion"
}
},
{
"term": {
"post_status": "publish"
}
}
],
"must_not": {
"term": {
"post_type": "page"
}
}
}
}
}
Also, I'd recommend using a match filter instead of query_string, as query_string requires the much more strict Lucene syntax (and is therefor more error prone), whereas match works more like a search box: it will automatically transform a human readable query to a Lucene query.

Resources