I am using the query string query and default operator OR.
Here is my query:
GET prasad/_search
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "*96 prasad*",
"default_operator": "OR"
}
}
]
}
}
}
I have data in my document as 96315, but this query is not hitting this document. Hits are null. When we use the OR operator, does it mean either 96 OR prasad should be there in the document (_all)?
This worked for me
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "*96* *prasad*",
"default_operator": "OR"
}
}
]
}
}
}
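Why the second form hits the document, as an added example that is not part of the original posts: query_string splits unquoted text on whitespace, so "*96 prasad*" becomes the two wildcard terms *96 (ends with 96) and prasad* (starts with prasad). The sketch below is a simplified model of that behaviour using Python's fnmatch; the function names and the sample term list are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample: the single indexed term from the question.
DOC_TERMS = ["96315"]


def split_terms(query):
    """Model of query_string parsing: unquoted whitespace separates terms."""
    return query.split()


def explain(query, indexed_terms):
    """Return {wildcard term: does any indexed term match it?}."""
    return {
        pattern: any(fnmatchcase(term, pattern) for term in indexed_terms)
        for pattern in split_terms(query)
    }


def matches_query(query, indexed_terms, default_operator="OR"):
    """Combine the per-term results the way default_operator would."""
    results = explain(query, indexed_terms).values()
    return any(results) if default_operator == "OR" else all(results)


if __name__ == "__main__":
    for q in ("*96 prasad*", "*96* *prasad*"):
        print(q, explain(q, DOC_TERMS), matches_query(q, DOC_TERMS))
```
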
I want to search objects in Elasticsearch which are a combination of two indices.
Is there a way to search on two indices with a specific condition on them?
For example:
I have an index siem-referencedata-list with the lists' metadata. Each document has a subset index based on its id (siem-referencedata-list-documentsId).
How could I set a query that checks siem-referencedata-list and its subsets?
I have the below query for siem-referencedata-list:
POST siem-referencedata-list/_search
{
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"query_string": {
"default_field": "list.name",
"query": "*list1*",
"default_operator": "OR"
}
}
]
}
},
{
"bool": {
"should": [
{
"query_string": {
"default_field": "list.type",
"query": "*Keyword*",
"default_operator": "OR"
}
}
]
}
}
]
}
}
}
And I also have the below query for the indexes based on the above documents' ids (siem-referencedata-list-*):
POST siem-referencedata-list-*/_search
{
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"query_string": {
"query": "*30.3.30.3*"
}
}
]
}
}
]
}
}
}
How can I set a query to combine them?
Search items on siem-referencedata-list and also on siem-referencedata-list-*, and return the items that are in both results.
I set two different queries and get two different arrays. How can I get the intersection of these two arrays?
This is a workaround: add a property to the documents in this specific index "siem-referencedata-list" while indexing,
and use that property to query the documents.
I added the specific word column- into the documents of the indexes "siem-referencedata-list-*" and I separated the query function of "siem-referencedata-list" and its subsets.
POST siem-referencedata-list/_search
{
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"query_string": {
"query": "*list1*",
"fields": ["column-*"]
}
}
]
}
}
]
}
}
}
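The client-side intersection the question asks about, as an added example that is not part of the original posts. It assumes, as the question describes, that each subset index is named siem-referencedata-list-<id of the list document>; the function names and the sample responses are constructed for illustration.

```python
PARENT_INDEX = "siem-referencedata-list"
CHILD_PREFIX = PARENT_INDEX + "-"


def parent_ids(parent_response):
    """_id of every list document returned by the metadata query."""
    return {hit["_id"] for hit in parent_response["hits"]["hits"]}


def child_owner_ids(child_response):
    """List ids recovered from the _index name of each subset hit."""
    owners = set()
    for hit in child_response["hits"]["hits"]:
        index = hit["_index"]
        if index.startswith(CHILD_PREFIX):
            owners.add(index[len(CHILD_PREFIX):])
    return owners


def intersect(parent_response, child_response):
    """List documents that matched the metadata query AND own a matching item."""
    wanted = parent_ids(parent_response) & child_owner_ids(child_response)
    return [h for h in parent_response["hits"]["hits"] if h["_id"] in wanted]


def child_indices_for(parent_response):
    """Index list for the second request, limited to the lists that matched."""
    return ",".join(sorted(CHILD_PREFIX + i for i in parent_ids(parent_response)))


# Constructed sample responses, trimmed to the keys used above.
# Both requests must page through all hits (size / search_after), otherwise
# the intersection is computed on a truncated result set.
PARENT_RESPONSE = {"hits": {"hits": [
    {"_index": PARENT_INDEX, "_id": "a1", "_source": {"list": {"name": "list1"}}},
    {"_index": PARENT_INDEX, "_id": "b2", "_source": {"list": {"name": "list10"}}},
]}}
CHILD_RESPONSE = {"hits": {"hits": [
    {"_index": CHILD_PREFIX + "b2", "_id": "x", "_source": {"value": "30.3.30.3"}},
    {"_index": CHILD_PREFIX + "c3", "_id": "y", "_source": {"value": "30.3.30.3"}},
]}}

if __name__ == "__main__":
    print([h["_id"] for h in intersect(PARENT_RESPONSE, CHILD_RESPONSE)])
    print(child_indices_for(PARENT_RESPONSE))
```
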
I have this query:
{
"query": {
"bool": {
"must": [
{
"match": {
"egyik": {
"query": "piros alma"
}
}
},
{
"match": {
"masik": {
"query": "piros alma"
}
}
}
]
}
}
}
It's not too beautiful, because the query parameter occurred twice, therefore I tried to rewrite it with the multi_match syntax:
{
"query": {
"bool": {
"must": {
"multi_match": {
"query": "piros alma",
"fields": [
"egyik",
"masik"
]
}
}
}
}
}
But it returns more hits than the first. I tried the operator and minimum_should_match modifiers, but they do not help. How do I get the same result with multi_match?
As far as I know, all types of multi-match queries return a hit when the provided query matches any of the listed fields (see Elastic docs). Therefore, the reason why you have more hits with multi_match is that you can't enforce the same boolean condition you have with your first query. That said, I don't see anything wrong with repeating the same query parameter twice. If you want to generalise it a bit, you might want to consider using Search Templates.
By default the OR operator is used, which means the query term can be present in any field. If you want the query term to be present in all the fields, you can explicitly define the operator field with the AND value.
{
"query": {
"bool": {
"must": {
"multi_match": {
"query": "piros alma",
"fields": [
"egyik",
"masik"
],
"operator":"and"
}
}
}
}
}
To know more you can go through this
Meanwhile I found the solution:
{
"query": {
"bool": {
"must": {
"multi_match": {
"query": "piros alma",
"fields": [
"egyik",
"masik"
],
"type": "cross_fields",
"operator": "and"
}
}
}
}
}
Need the type and operator together.
When querying Elastic with:
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "data.payload.NSFILEID.num:1492141378",
"analyze_wildcard": true
}
}
]
}
}
}
I get docs with data.payload.NSFILEID.num = 1492141378 and close ones.
Same behaviour with:
{
"query": {
"term": {
"data.payload.NSFILEID.num": 1492141378
}
}
}
This field is indexed as number.
How could I get only exact ones?
The following documents should be found:
matches query 'my text' AND (has not field OR field with value)
I have tried the following:
GET /myIndex/_search
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "my text"
}
},
{
}
],
"filter": {
"bool": {
"must_not": {
"exists": {
"field": "myField"
}
},
"must": {
"terms": {
"myField": [
"myValue"
]
}
}
}
}
}
}
}
It should (but does not) work like that:
bool combine via OR must and filter parts
first must select by query
filter uses bool which combines by OR must and must_not
But this behaves like must combined with must_not via an AND clause. E.g. when I removed "must" or "must_not" the query works.
How do I change the query to combine "must" with "must_not" via an OR clause?
Elasticsearch version is 5.3.2
You need an extra bool filter between the must and must_not terms.
You should also think about whether your myField field is defined as text or as keyword.
Tested with elasticsearch 5.6.1 the following query works:
{
"query": {
"bool": {
"must": [{
"query_string": {
"query": "this is a text content"
}
}],
"filter": {
"bool": {
"should" : [{
"bool" : {
"must_not": {
"exists": {
"field": "myField"
}
}
}
},
{
"bool" : {
"must": {
"terms": {
"myField.keyword": ["my field exists and has a value"]
}
}
}
}]
}
}
}
}
}
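The difference between the two filter shapes, as an added example that is not part of the original posts: a small evaluator that models only the bool, exists and terms semantics needed here (exact-value matching, as on a keyword field), run over three constructed documents. The function and constant names are assumptions made for illustration.

```python
def bool_matches(query, doc):
    """Simplified model of how a bool / exists / terms clause matches a doc."""
    (kind, body), = query.items()
    if kind == "exists":
        return doc.get(body["field"]) is not None
    if kind == "terms":
        (field, values), = body.items()
        return doc.get(field) in values
    if kind != "bool":
        raise ValueError("unsupported clause: " + kind)

    def clauses(name):
        value = body.get(name, [])
        return value if isinstance(value, list) else [value]

    required = clauses("must") + clauses("filter")
    # must/filter and must_not in the same bool are ANDed together.
    if not all(bool_matches(c, doc) for c in required):
        return False
    if any(bool_matches(c, doc) for c in clauses("must_not")):
        return False
    # A bool with only should clauses needs at least one of them to match.
    should = clauses("should")
    if should and not required:
        return any(bool_matches(c, doc) for c in should)
    return True


# Filter from the question: must and must_not side by side (behaves as AND).
AND_FILTER = {"bool": {
    "must_not": {"exists": {"field": "myField"}},
    "must": {"terms": {"myField": ["myValue"]}},
}}
# Filter from the answer: each condition in its own bool under should (OR).
OR_FILTER = {"bool": {"should": [
    {"bool": {"must_not": {"exists": {"field": "myField"}}}},
    {"bool": {"must": {"terms": {"myField": ["myValue"]}}}},
]}}
# Constructed documents: field missing, field with the value, field with another value.
DOCS = [{"id": 1}, {"id": 2, "myField": "myValue"}, {"id": 3, "myField": "other"}]


def hits(filter_query):
    return [d["id"] for d in DOCS if bool_matches(filter_query, d)]


if __name__ == "__main__":
    print("question filter:", hits(AND_FILTER))
    print("answer filter:  ", hits(OR_FILTER))
```
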
On Elasticsearch 7.X, you can simply do:
{
"query": {
"bool": {
"must": [
{"match": {"field1": {"query": "Hero"}}}
],
"must_not": [
{"terms":{"field3":["Batman"]}}
]
}
}
}
Is it possible to combine query_string and bool query in filter query?
For Example -
{
"filter": {
"query_string": {
"query": "field:text"
}
},
"bool": {
"should": {
"match": {
"field": "text"
}
}
}
}
bool is meant to be used to club various queries together into a single bool query.
You can use bool to combine multiple queries in this manner -
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}
The must clause will make sure all the conditions are matched.
You can also use should, which will make sure either one of the queries is matched when only should is used.
As bool is just another query type, you can also club bool queries inside bool queries as follows -
{
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "value"
}
}
]
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}