i have text fields like above
elastic|b|c
elastic,search|b|c
elastic,search,prefix|b|c
I want to query on this string with prefix. And the query is
aggs":{
"field":{
"filter":{
"match":{
"field":{
"type":"prefix",
"query":"elastic|"
}
}
},
"aggs":{
"field":{
"terms":{
"field":"textField",
"size":255
}
}
}
}
}
},
"
and this query return all texts below in the example.
Do i need extra analyzer or token filter on texts?
How can i exact match search with prefix on elastic ?
you can achieve that by using wildcards in elasticsearch.
{
"query": {
"wildcard": {
"textField": {
"value": "elastic*"
}
}
}
}
Related
I have a document with 2 nested paths - path.to.node and different.path.
I want to be able to get a date histogram based on the path.to.node.date field but then group the buckets based on different.path.to.name.
Is that possible?
I tried something like this but it doesn't seem to work...
{
"size":0,
"query":{...},
"aggregations":{
"path.to.node.date":{
"nested":{
"path":"path.to.node"
},
"aggregations":{
"path.to.node.date":{
"filter":{
"range":{...}
}
},
"aggregations":{
"different.path.name":{
"nested":{
"path":"different.path"
},
"terms":{
"field":"different.path.name"
...
},
"aggregations":{
"path.to.node.date":{
"date_histogram":{
"field":"path.to.node.date",
"interval":"1M",
"offset":0,
"order":{"_key":"asc"},
"keyed":false,"min_doc_count":0}
}
}
}
}
}
}
}
}
}
I'm trying to compose a query in Elasticsearch that filters out documents with a specific field value, and also returns the number of documents that has been filtered out as an aggregation.
What I have so far is below, however, with my solution it seems that the documents are filtered out first, then after the filtering, the count is performed, which is making it always be 0.
{
"query":{
"bool":{
"must_not":[
{
"terms":{
"gender":[
"male"
]
}
}
]
}
},
"aggs":{
"removed_docs_count":{
"filter":{
"term":{
"gender":"male"
}
}
}
}
}
You don't need a query block, just aggs will provide you expected results.
{
"aggs":{
"removed_docs_count":{
"filter":{
"term":{
"gender":"male"
}
}
}
}
}
I have a query like
{
"query":{
"bool":{
"must":[
{
"range":{
"created_date":{
"gte":1801301,
"lte":1807061
}
}
}
]
}
},
"aggs":{
"rating":{
"filters":{
"filters":{
"neutral":{
"match":{
"rating":0
}
},
"positive":{
"match":{
"rating":1
}
},
"negative":{
"match":{
"rating":2
}
}
}
}
}
},
"size":0
}
The query filters documents by created_date. I use date range that covers two date ranges: current and previous. Like data for this month and previous month. This is needed in other calculations(original query is much bigger).
This query works, but it calculates the rating for current and previous date ranges. I need to calculate rating in shorter date range: created_date: 1804181-1807061.
Is there a way how I can do this?
You can use
{
"range: {
"created_date": {
"gte":"now-10d/d",
"lte":"now/d"
}
}
}
I'm thinking this will help for you. Let me know if you any questions
I'm new in ElasticSearch world. I've been trying write simple request and I need to get aggs result in my script to make simple condition. Is it possible to do it in this way?
The condition below is only for example.
GET _search
{
"aggs" : {
"sum_field" : { "sum" : { "field" : "someField" } }
},
"script_fields": {
"script_name": {
"script": {
"lang": "painless",
"source": """
// get there aggs result (sum_field)
if(sum_field > 5){
return sum_field
}
"""
}
}
}
}
The requirement is to execute sum aggregation over multiple indexes having the same field name
Now with multiple indexes, you'll have to check if that particular field exists in that indexes or not AND if the field is of the same datatype.
Indexes
I've created three indexes, having a single field called num.
index_1
- num: long
index_2
- num: long
index_3
- num: text
: fielddata: true
Also notice how if the field is of type text, then I've set its property fielddata:true. But if you do not set it, then the below query would give you aggregation result as well as an error saying you cannot retrieve the value of type text as its an analyzed string and you can only use doc for fields which are non_analyzed.
Sample Query:
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Query if you cannot set fielddata:true
In that case, you need to explicitly mention the indexes on which you'd want to aggregate.
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
},
{
"terms":{
"_index":[
"index_1",
"index_2"
]
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Hope this helps!
In your opinion what would be the best way to do the following?
I want to filter an ElasticSearch query by several ranges that are grouped in an OR filter, and then by one final range that needs to be included as an AND filter. The explanation is a bit crappy but hopefully the pseudo-code below will help...
Basically I tried structuring the following query:
{
"query":{
"multi_match":{
"query":"blue",
"fields":[
"name"
]
}
},
"sort":{
"_score":{
"order":"desc",
"missing":"_last"
}
},
"from":"0",
"size":"24",
"facets":{
"rating":{
"range":{
"field":"rating",
"ranges":[
{
"from":1
},
{
"from":2
},
{
"from":3
},
{
"from":4
}
]
}
},
"price":{
"range":{
"field":"price",
"ranges":[
{
"to":10
},
{
"from":10,
"to":100
},
{
"from":100,
"to":1000
}
{
"from":1000
}
]
}
}
},
"filter":{
"or":[
{
"range":{
"price":{
"from":"10",
"to":"100"
}
}
},
{
"range":{
"price":{
"from":"100",
"to":"1000"
}
}
}
],
"and":{
"numeric_range":{
"rating":{
"gte":"4"
}
}
}
}
}
This failed with the error that there was "No parser for element [numeric_range]". So I tried replacing:
"and":{
"numeric_range":{
"rating":{
"gte":"4"
}
}
}
with:
"numeric_range":{
"rating":{
"gte":"4"
}
}
The query now returns results but it's returning results with prices in the ranges 10-100, 100-1000 and ANY results with a rating greater than 4 (even if their price is outside of the defined range).
Any clues on how I could do this query? Do I need to be using a bool filter?
Ah ha, figured it out, with the help of Boaz Leskes over on the ElasticSearch mailing list!
It should be structured like this:
filter: {
bool: {
must: [
{
"numeric_range":{
"rating":{
"gte":"4"
}
}
}
],
should: [
{
"range":{
"price":{
"from":"10",
"to":"100"
}
}
},
{
"range":{
"price":{
"from":"100",
"to":"1000"
}
}
}
]
}
}