Elastic Search URI Search with Group By - elasticsearch

I am able to search normal query . Contains fields value or sorting from elasticsearch uri search but unable to run the term aggregation queries from uri search.
How i can do this?
Term aggregation query is :
curl -u elastic -XGET '127.0.0.1:9200/indexname/typename/_search?pretty' -d'{"size": 0,"aggs": {"group_by_field": {"terms": {"field": "txt_field_name","size": 10},"aggs": {"maxDate": {"max":{"field": "dat_field_name"}}}}}}'
Can we do term aggregation queries from URI Search?

What if you have your URI query as such:
curl -u elastic -XGET 'localhost:9200/indexname/typename/_search?source={"aggs":{"maxDate":{"terms":{"field":"dat_field_name"}}}}'

Related

Elastic Search Multimatch: Is there a way to search all fields except one?

We have an Elastic Search structure that specifies fields in a multi_match query like this:
"multi_match": {
"query": "find this string",
"fields": ["*_id^20", "*_name^20", "*"]
}
This works great - except under certain circumstances like when query is "Find NOWAK". This is because "NOW" is a reserved word for date searching and field "*" matches fields that are defined as dates.
So what I would like to do is ignore fields that match "*_at".
Is there way to tell Elastic Search to ignore certain fields in a multi_match query?
If the answer to that is "no" then the follow up question is how to escape the search term so that it won't trigger key words
Running version 6.7
Try this:
Exclude a field on a Elasticsearch query
curl -XGET 'localhost:9200/testidx/items/_search?pretty=true' -d '{
"query" : {
"query_string": {
"fields": ["title", "field2", "field3"], <-- add this
"query": "Titulo"
}},
"_source" : {
"exclude" : ["*.body"]
}
}'
Apparently the answer is "No: there is not a way to tell ElasticSearch to ignore certain fields in a multi_match query"
For my particular issue I found an inexpensive way to find the necessary white-listed fields (this is performed outside the scope of ElasticSearch otherwise I would post it here) and list those in place of the "*" when building the query.
I am hopeful someone will tell me I'm wrong, but I don't think I am.

Elasticsearch multi search API

I'm trying to perform multiple concurrent search requests using Elasticsearch (version 6). Here is my queries file:
{"index" : "web"}
{"max_concurrent_searches": 64, "query": {"match": {"content": "school"}}}
{"index" : "web"}
{"max_concurrent_searches": 64, "query": {"match": {"content": "car"}}}
{"index" : "web"}
{"max_concurrent_searches": 64, "query": {"match": {"content": "cat"}}}
Here is the command I use to issue the bulk request:
curl -H "Content-Type: application/x-ndjson" -XGET ''$url'/_msearch'
--data-binary "#$file"; echo
However, I get the following error indicating my wrong usage of max_concurrent_searches parameter.
{"error":{"root_cause":[{"type":"parsing_exception","reason":"Unknown key for a VALUE_NUMBER in [max_concurrent_searches].","line":1,"col":29}],"type":"parsing_exception","reason":"Unknown key for a VALUE_NUMBER in [max_concurrent_searches].","line":1,"col":29},"status":400}
If I removed "max_concurrent_searches": 64, from the queries file above, everything works just perfect.
I want to know how can I use/set the max_concurrent_searches parameter, I couldn't find useful information in Elasticsearch documentation about this except the following:
The msearch’s max_concurrent_searches request parameter can be used to
control the maximum number of concurrent searches the multi search api
will execute. This default is based on the number of data nodes and
the default search thread pool size.
You should add it to the request itself:
Sample request: GET indexName/type/_msearch?max_concurrent_searches=1100
(where indexName and type is optional)
For you its should be like:
curl -H "Content-Type: application/x-ndjson" -XGET ''$url'/_msearch**?
max_concurrent_searches=1100**'
--data-binary "#$file"; echo
You can execute above using postman also. Just change the content-type as application/x-ndjson and dont forget to add a new line character in the end. This will give you the same error and you can correct it easily by different combinations. MultiSearch is an important feature.

Elastic search simple query to find all ids

I am trying to get all id's for a type, but I am pulling my hair out.
Please see my attacment.
HERE IS THE cURL call :
curl -XGET 'localhost:9200/_search?pretty' -H 'Content-Type: application/json'
-d'{ "query": { "wildcard" : { "id" : "Account[enter image description here][1]*" } }}'
cURL call with no results
I would guess there is an issue with the way your id-field is analyzed. You can retrieve the mapping by using the _mapping endpoint (described in the docs). Your id field should be analyzed as a string (with break characters, tokenizers and all) for the wildcard query to work. If it is not analyzed, as you might expect for an id-field, the wildcard query will not work. Then you would need to change the mapping and reindex your data to make it work.

Elasticsearch distinct multi search result

I use Elasticsearch 2.2 and when using Multi Search API, it's possible to distinct the result between the first search and the second search??
I have multi search query dsl like this
{}
{"query": {"filtered": {"filter": {"bool": {"must": [{"terms": {"mtart": ["roh"]}},{"terms": {"werks": ["f230","f232"]}}]}},"query": {"query_string": {"query": "roh"}}}}}
{}
{"query":{"filtered":{"filter":{"bool":{"must":[{"terms":{"mtart":["roh","nlag"]}},{"terms":{"werks":["f230","f231"]}}]}},"query":{"query_string":{"query":"roh"}}}}}
The result for the first search is 12 hits and the second is 39 hits. But there is duplicate value between first search and second search. And I want to distinct all the hits and get the unique documents. It is possible to do it??
Thanks a lot

Elasticsearch view indexed data

I have filter which replace characters
char_filter:
lt_characters:
type: mapping
mappings: ["a=>bbbbbb", "c=>tttttt", "ddddddd=>k" ]
I'm add this filter to index, now how to check does this filter work, where I can found indexed data ?
I mean exactly view replacments.
To see what tokens are created with your char_filter you can use the Analyze API.
curl -XGET 'localhost:9200/_analyze?char_filters=lt_characters' -d 'this is a test'

Resources