I am trying to hit a query in elastic search. This is working fine except for '/' present in the search. the query is as shown below
GET styling_rules/product_line_filters/_search
{
"query": {
"filtered": {
"query": {
"query_string" : {
"query" : "boyfriend / boxy"
}
},
"filter": {
"term": {
"product_line_name": "women_blazers"
}
}
}
}
}
here in elasticsearch '/' is already present but with the query it is showing error. how to handle these situtation. Thanks in advance
You need to escape that character. See here the full list of characters to be escaped in query_string: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_reserved_characters
Related
I am using kibanna
I am trying to put filter on a field container_name = "armenian"
but I have other container names with following names
armenian_alpha
armenian_beta
armenian_gama
armenian1
armenian2
after putting the filter , search query in kibanna becomes
{
"query": {
"match": {
"container_name": {
"query": "armenian",
"type": "phrase"
}
}
}
}
But the output searches logs for all containers , as I can see the Elastic search query is using a pattern matching
How can I put an exact match with the string provided and avoid the rest ?
You can try out with term query. Do note that it is case sensitive by default unless you specify with case_insensitive equals to true. Also, if your container_name is a text field type instead of keyword field type, do add the .keyword after the field name. Otherwise, ignore the .keyword.
Example:
GET /_search
{
"query": {
"term": {
"container_name.keyword": {
"value": "armenian"
}
}
}
}
Link here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html
I would recommend using a direct wildcard in query or wildcard as follow
GET /_search
{
"query": {
"match": {
"container_name": {
"query": "*armenian",
"type": "phrase"
}
}
}
}
GET /_search
{
"query": {
"wildcard": {
"container_name": {
"value": "*armenian"
}
}
}
}
With *armenian you are ensuring that armenian comes at the end.
I want to make a search that works like this:
when I enter "Desc" for example, I want to get everything that contains "Desc", and not to be case sensitive. I don't want to include index name, or document, I want it to search across everything.
I tried this but it doesn't work very well.
GET /_search
{
"query":
{ "query_string":
{
"query": "Test*"
}
}
}
From the latest docs any of these techniques will get you the job done
GET /_search
{
"query": {
"query_string" : {
"query" : "*desc*"
}
}
}
**OR**
GET /_all/_search
{
"query": {
"query_string" : {
"query" : "*desc*"
}
}
}
**OR**
GET /*/_search
{
"query": {
"query_string" : {
"query" : "*desc*"
}
}
}
Try using wild card search. Make sure the field you are searching is text field.
{
"query": {
"query_string" : {
"query" : "*desc*"
}
}
}
If you want to use all index you can query like this
curl -XGET 'http://localhost:9200/index1,index2/_search
PS: Performance wise this is a bad idea since this searches all fields in index. Alternatively you can use use default_field in the query string and specidy the field.
Works as expected:
{
"query": {
"query_string": {
"query": "Hofstetten-Grünau"
}
}
}
an added wildcard at the end delivers no results and I wonder why:
{
"query": {
"query_string": {
"query": "Hofstetten-Grünau*"
}
}
}
how to fix it?
elasticsearch v5.3.2
This delivers results:
{
"query": {
"query_string": {
"query": "Hofstetten*"
}
}
}
I use a single search field. The end user can freely use wildcards as they see fit. A user might type in:
hofstetten grünau
+ort:hofstetten-grünau
+ort:Hofstetten-G*
so using a match query wont work out for me.
I am using Jest (Java Annotations) as Mapping, and using "default" for this field. My index mapping declares nothing special for the field:
{
"mappings": {
"_default_": {
"date_detection": false,
"dynamic_templates": [{
}]
}
}
}
Adding the wildcard "*" at the end of your query string is causing the query analyzer to interpret the dash between "Hofstetten" and "Grünau" as a logical NOT operator. So you're actually searching for documents that contain Hofstetten but do NOT contain Grünau.
You can verify this by doing the following variations of your search:
"query": "Hofstetten-XXXXX" #should not return results
"query": "Hofstetten-XXXXX*" #should return results
To fix this I would recommend using a match query instead of a query_string query:
{"query": {"match": { "city": "Hofstetten-Grünau" }}}'
(with whatever your appropriate field name is in place of city).
I have been using/mapping the string field to being index: "not_analyzed" but still not able to get search results for capital letter strings ?? I searched the whole internet inside out , but there is no simple workaround.
Sample data:
{
"job_status":"Finished",
"build_number":"94",
"build_duration":778,
"#timestamp":"1455317284293",
"build_result":"UNSTABLE",
"slave_node":"tiny-cmsbuild03",
"job_name":"DMWM-WMCore-RunTests-Oracle"
},
{
"job_status":"Finished",
"build_number":"96",
"build_duration":859,
"#timestamp":"1455662929042",
"build_result":"UNSTABLE",
"slave_node":"tiny-cmsbuild02",
"job_name":"DMWM-WMCore-RunTests-Oracle"
},
{
"job_status":"Finished",
"build_number":"89",
"build_duration":385,
"#timestamp":"1454453359226",
"build_result":"UNSTABLE",
"slave_node":"tiny-cmsbuild06",
"job_name":"DMWM-WMCore-RunTests-Oracle"
}
kibana3 is making this query:
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "job_name:D*"
}
}
]
}
},
"filter": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
}
}
}
but get no results.
The reason you don't get any results is because the query_string query has a parameter called lowercase_expanded_terms which is true by default.
What it does is to lowercase the query string you're passing to it, so that job_name:D* becomes job_name:d*, hence why nothing is matching.
However, if you query like this, i.e. by setting lowercase_expanded_terms to false, it will work:
curl -XGET localhost:9200/your_index/_search?lowercase_expanded_terms=false&q=job_name:D*
I had a nested field source in my index seems like this:
"source": [
{
"name": "source_c","type": "type_a"
},
{
"name": "source_c","type": "type_b"
}
]
I used query_string query and simple_query_string query to query type_a and got two different result.
query_string
{
"size" : 3,
"query" : {
"bool" : {
"filter" : {
"query_string" : {
"query" : "source:\"source.type:=\"type_a\"\""
}
}
}
}
}
I got 163459 hits in 294088 docs.
simple_query_string
{
"size": 3,
"query": {
"bool": {
"filter": {
"simple_query_string": {
"query": "source:\"source.type:=\"type_a\"\""
}
}
}
}
}
I got 163505 hits in 294088 docs.
I only made three different types type_a,type_b,type_c randomly. So I had to say 163459 and 163505 were very little difference in 294088 docs.
I noly got one info in Elasticsearch Reference [2.1]
Unlike the regular query_string query, the simple_query_string query will never throw an exception, and discards invalid parts of the query.
I don't think it's the reason to make the difference.
I want to know what make the little different results between query_string and simple_query_string?
As far as I know, nested query syntax is not supported for either query_string or simple_query_string. It is an open issue, and this is the PR regarding that issue.
Then how are you getting the result? Here Explain API will help you understand what is going on. This query
{
"size": 3,
"query": {
"bool": {
"filter": {
"simple_query_string": {
"query": "source:\"source.type:=\"type_a\"\""
}
}
}
}
}
have a look at the output, you will see
"description": "ConstantScore(QueryWrapperFilter(_all:source _all:source.type _all:type_a)),
so what is happening here is that ES looking for term source , source.type or type_a, it finds type_a and returns the result.
You will also find something similar with query_string using explain api
Also query_string and simple_query_string have different syntax, for e.g field_name:search_text is not supported in simple_query_string.
Correct way to query nested objects is using nested query
EDIT
This query will give you desired results.
{
"query": {
"nested": {
"path": "source",
"query": {
"term": {
"source.type": {
"value": "type_a"
}
}
}
}
}
}
Hope this helps!!
Acording to the documentation simple_query_string is meant to be used with unsafe input.
So that users can enter anything and it will not throw exception if input is invalid. Will simply discard invalid input.