I've got the following query
{
"from":0,
"size":50000,
"_source":[
"T121",
"timestamp"
],
"sort":{
"timestamp":{
"order":"asc"
}
},
"query":{
"bool":{
"must":{
"range":{
"timestamp":{
"gte":"2017-01-17 11:44:41.347",
"lte":"2017-02-18 11:44:47.878"
}
}
},
"must":{
"exists":{
"field":"T121"
}
}
}
}
}
http://172.22.23.169:9200/index1,index2,Index3/_search?pretty
With this URL i want to query over a number of indices in Elasticsearch and only return those documents where a specific field exists.
Is it possible to put in a list of fields in the "exists" clause where i define
if "field1" OR "field2" OR "fiedl3" are existing in one of the documents return it, otherwise don't, or do i have to script such a case?
To search across all indices use > http://172.22.23.169:9200/_search?pretty
To search across selected indices add following filter to "bool" filter
"must": {
"terms": {
"_index": [
"index1",
"index2"
]
}
}
For OR'ing multiple "exists", you can use should clause with multiple exists and specify "minimum_should_match" to control searched records.
{
"from":0,
"size":50000,
"_source":[
"T121",
"timestamp"
],
"sort":{
"timestamp":{
"order":"asc"
}
},
"query":{
"bool":{
"must":{
"range":{
"timestamp":{
"gte":"2017-01-17 11:44:41.347",
"lte":"2017-02-18 11:44:47.878"
}
}
},
"should":[
{
"exists":{
"field":"field1"
}
},
{
"exists":{
"field":"field2"
}
},
{
"exists":{
"field":"field3"
}
}
]
}
}
}
Related
I'm trying to search posts with some prefixes (212, 215) and in certain node (663).
This query is searching posts with OR prefix operator. But i need a query to search with AND operator. How to do it? This query is generated by CMS:
{
"query":{
"bool":{
"filter":[
{
"term":{
"node":663
}
},
{
"terms":{
"prefix":[
"215",
"212"
]
}
},
{
"bool":{
"should":[
{
"type":{
"value":"post"
}
},
{
"type":{
"value":"thread"
}
}
]
}
}
],
"must":{
"match_all":{
}
}
}
},
"sort":[
{
"date":"desc"
}
],
"size":8000,
"docvalue_fields":[
"discussion_id",
"user",
"date"
],
"_source":false
}
If you're looking for docs that have a list of values for prefix containing both 212 and 215, you should use separate queries:
{
"query":{
"bool":{
"filter":[
...
{"match":{"prefix":"212"}},
{"match":{"prefix":"215"}},
...
],
...
}
I am running following elasticsearch query from groovy script. There are thousands of records which meet this criteria, but I get only 10 records in return.
{
"query":{
"bool":{
"must":[
{
"match_all":{
}
},
{
"range":{
"#Timestamp":{
"gte":1417511269270,
"lte":1575277669270,
"format":"epoch_millis"
}
}
},
{
"match_phrase":{
"field1.keyword":{
"query":"value1"
}
}
},
{
"match_phrase":{
"field2.keyword":{
"query":"value2"
}
}
},
{
"range":{
"#Timestamp":{
"gte":"2001-03-01",
"lt":"2019-10-30"
}
}
}
],
"filter":[
],
"should":[
],
"must_not":[
]
}
}
}
What am I missing in my query?
You are missing a size parameter, which means it defaults to 10 results.
e.g. add this to your query object:
"size": 100
i am using elasticsearch version 6.3.0. I want to use fuzziness along with multimatch. but there is no option for that. Can anybody provide me a solution ? Thanks in advance
Query :
{ "query": {
"bool": {
"must": [
{"function_score": {
"query": {
"multi_match": {
"query": "local",
"fields": [
"user.name^3",
"main_product"
],
"type": "phrase"
}
}
}}
],
"filter": {
"geo_distance": {
"distance": "1000km",
"user.geolocation": {
"lat": 25.55,
"lon": -84.44
}
}
}
}
} }
Looking at your existing query, you are looking for mix of
Boosting based on field
Multifield match
Phrase Matching
Fuzzy Matching
If it isn't phrase_match you can simply add "fuzziness": "AUTO" or "fuzziness":1 or whatever number based on your requirement in your existing query and you'd get what you are looking for.
Fuzzy without Phrase
POST <your_index_name>/_search
{
"query":{
"bool":{
"must":[
{
"function_score":{
"query":{
"multi_match":{
"query":"local",
"fields":[
"user.name^3",
"main_product"
],
"fuzziness":"AUTO"
}
}
}
}
],
"filter":{
"geo_distance":{
"distance":"1000km",
"user.geolocation":{
"lat":25.55,
"lon":-84.44
}
}
}
}
}
}
Fuzzy with Phrase:
In this case, you need to make use of Span Queries
I've discarded the filtering part just for the sake of simplicity and came up with the below query. And let's say that I am searching for phrase called pearl jam.
POST <your_index_name>/_search
{
"query":{
"function_score":{
"query":{
"bool":{
"should":[
{
"bool":{
"boost":3,
"must":[
{
"span_near":{
"clauses":[
{
"span_multi":{
"match":{
"fuzzy":{
"user.name":"pearl"
}
}
}
},
{
"span_multi":{
"match":{
"fuzzy":{
"user.name":"jam"
}
}
}
}
],
"slop":0,
"in_order":true
}
}
]
}
},
{
"bool":{
"boost":1,
"must":[
{
"span_near":{
"clauses":[
{
"span_multi":{
"match":{
"fuzzy":{
"main_product":"pearl"
}
}
}
},
{
"span_multi":{
"match":{
"fuzzy":{
"main_product":"jam"
}
}
}
}
],
"slop":0,
"in_order":true
}
}
]
}
}
]
}
}
}
}
}
So what I am doing is performing boosting based on fields in multi-field phrase with fuzzy match for phrase called pearl jam.
Having slop: 0 and in_order:true would enable me to do phrase match for the words I've specified in the clauses.
Let me know if you have any queries.
What makes you think there is no option for fuzziness on a multi-match query?
For example, with the data below:
http://localhost:9200/question_1/doc/_bulk
{"index":{}}
{"name" : "John Lazy", "text": "lazzi"}
{"index":{}}
{"name" : "John Lassi", "text": "lasso"}
{"index":{}}
{"name" : "Joan Labbe", "text": "lazzy"}
And this query:
http://localhost:9200/question_1/_search
{
"query": {
"multi_match" : {
"query" : "lazi",
"fields" : [ "name", "text" ],
"fuzziness": 1
}
}
}
Then I get one result, but if I change the fuzziness parameter to 2 I'll get three results.
I'm using an Elasticsearch filter aggregation with a nested top_hits aggregation to retrieve top matching documents based on different filters, but I can't seem to change the scores of results in each bucket via boosting or a nested function_score query. Is this just not possible? I haven't found any explicit documentation saying it won't work, and the query executes just fine, however the resulting scores aren't impacted.
Example query (note the huge boost in the first aggregation):
GET _search
{
"size":0,
"query":{
"bool":{
"should":[
{
"multi_match":{
"type":"phrase",
"query":"TV",
"fields":[
"categories^4"
]
}
}
]
}
},
"aggs":{
"1":{
"filter":{
"bool":{
"must":[
{
"multi_match":{
"type":"phrase",
"query":"Music",
"fields":[
"categories^10"
]
}
}
]
}
},
"aggs":{
"1_hits":{
"top_hits":{
"size":10,
"sort":[
{
"_score":{
"order":"desc"
}
}
]
}
}
}
},
"2":{
"filter":{
"bool":{
"must":[
{
"multi_match":{
"type":"phrase",
"query":"Music",
"fields":[
"categories"
]
}
}
]
}
},
"aggs":{
"2_hits":{
"top_hits":{
"size":10,
"sort":[
{
"_score":{
"order":"desc"
}
}
]
}
}
}
}
}
}
I have some problem with the elasticsearch query. when I use the query code it feedback the messages [bool] malformed query, expected [END_OBJECT] but found [FIELD_NAME].
{
"from":0,
"size":15,
"query":{
"bool":{
"must":[
{
"multi_match":{
"query":"books",
"fields":[
"title^20",
"lead^10",
"content"
],
"type":"phrase"
}
}
]
},
"must":{
"match":{
"groupid":"599e4b49239cfa0a5a5f189d"
}
}
},
"sort":[
{
"times":{
"order":"desc"
}
}
]
}
Your second must clause is not properly located, it must be inside the existing bool/must query. You need to rewrite your query to this:
{
"from":0,
"size":15,
"query":{
"bool":{
"must":[
{
"multi_match":{
"query":"books",
"fields":[
"title^20",
"lead^10",
"content"
],
"type":"phrase"
}
},
{
"match":{
"groupid": "599e4b49239cfa0a5a5f189d"
}
}
]
}
},
"sort":[
{
"times":{
"order":"desc"
}
}
]
}