I am using ES 2.4.0
i have to match a string it will be like this "{hi} {ARE} {how} {You}"
I given query like this
{
"query": {
"match": {
"simple": "{hi} {ARE} {how} {You}"
}
}
}
In the output it is showing all the documents rather than the documents that match the exact string (i.e simple) value.
NOTE: This is analysed at mapping level.
If you want to match all the keywords in the same order, you should use match_phrase
{
"query": {
"match_phrase": {
"simple": "{hi} {ARE} {how} {You}"
}
}
}
In case you don't need the words in the same order, but want only all these words to be present in the search results, then use match with operator.
{
"query": {
"match": {
"simple": {
"query": "{hi} {ARE} {how} {You}",
"operator": "and"
}
}
}
}
Related
Suppose I have a string like
/something/other/123
I want to be able to search 123. For some reason given that the string is indexed as keyword, when I attempt to do
GET /_search
{
"query": {
"wildcard": {"myfield": {"value": "*123"}}
}
}
It gives nothing, why is that?
Wildcard query works on the keyword field. if you have .keyword subfield(if Elasticsearch generated the mapping for your myfield) then below query returns the result.
{
"query": {
"wildcard": {
"myfield.keyword": { --> note .keyword in the field name.
"value": "*123"
}
}
}
}
I am using kibanna
I am trying to put filter on a field container_name = "armenian"
but I have other container names with following names
armenian_alpha
armenian_beta
armenian_gama
armenian1
armenian2
after putting the filter , search query in kibanna becomes
{
"query": {
"match": {
"container_name": {
"query": "armenian",
"type": "phrase"
}
}
}
}
But the output searches logs for all containers , as I can see the Elastic search query is using a pattern matching
How can I put an exact match with the string provided and avoid the rest ?
You can try out with term query. Do note that it is case sensitive by default unless you specify with case_insensitive equals to true. Also, if your container_name is a text field type instead of keyword field type, do add the .keyword after the field name. Otherwise, ignore the .keyword.
Example:
GET /_search
{
"query": {
"term": {
"container_name.keyword": {
"value": "armenian"
}
}
}
}
Link here: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html
I would recommend using a direct wildcard in query or wildcard as follow
GET /_search
{
"query": {
"match": {
"container_name": {
"query": "*armenian",
"type": "phrase"
}
}
}
}
GET /_search
{
"query": {
"wildcard": {
"container_name": {
"value": "*armenian"
}
}
}
}
With *armenian you are ensuring that armenian comes at the end.
I am working on elastic search to fetch the record which contain string "bond"
{
"query": {
"match": {
"name": "Bond"
}
}
}
but I am getting empty array as a output. Though multiple records are present containing string "bold" , but i am getting empty hits. (hits:[])
How to solve this issue?
I am using same query for another index and its working but for index named as "all_colleges", its not working.
Its only returning the record when string is perfect match. i.e. "Bond" == "Bond"
You can try with fuzziness:
{
"query": {
"match": {
"name": {
"query": "Bond",
"fuzziness": "AUTO"
}
}
}
}
Actually there is many parameters you can add to get the results that you want in elastic search. Please check this link https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query.html
You can try this one
{
"query": {
"match": {
"name": {
"query": "Bond",
"fuzziness": "AUTO"
}
}
}
}
`
"I am searching in a elasticsearch cluster GET request on the basis of sourceID tag with value :- "/A/B/C/UniqueValue.xml" and search query looks like this:-"
{
"query": {
"bool": {
"must": [
{
"term": {
"source_id": {
"value": "/A/B/C/UniqueValue.xml"
}
}
}
]
}
}
}
"How can i replace "/A/B/C" from any wildcard or any other way as i just have "UniqueValue.xml" as an input for this query. Can some please provide the modified search Query for this requirement? Thanks."
The following search returns documents where the source_id field contains a term that ends with UniqueValue.xml.
{
"query": {
"wildcard": {
"source_id": {
"value": "*UniqueValue.xml"
}
}
}
}
Note that wildcard queries are expensive. If you need fast suffix search, you could add a multi-field to your mapping which includes a reverse token filter. Then you can use prefix queries on that reversed field.
How do I pass a list as query string to match_phrase query?
This works:
{"match_phrase": {"requestParameters.bucketName": {"query": "xxx"}}},
This does not:
{
"match_phrase": {
"requestParameters.bucketName": {
"query": [
"auditloggingnew2232",
"config-bucket-123",
"web-servers",
"esbck-essnap-1djjegwy9fvyl",
"tempexpo",
]
}
}
}
match_phrase simply does not support multiple values.
You can either use a should query:
GET _search
{
"query": {
"bool": {
"should": [
{
"match_phrase": {
"requestParameters.bucketName": {
"value": "auditloggingnew2232"
}
}
},
{
"match_phrase": {
"requestParameters.bucketName": {
"value": "config-bucket-123"
}
}
}
]
},
...
}
}
or, as #Val pointed out, a terms query:
{
"query": {
"terms": {
"requestParameters.bucketName": [
"auditloggingnew2232",
"config-bucket-123",
"web-servers",
"esbck-essnap-1djjegwy9fvyl",
"tempexpo"
]
}
}
}
that functions like an OR on exact terms.
I'm assuming that 1) the bucket names in question are unique and 2) that you're not looking for partial matches. If that's the case, plus if there are barely any analyzers set on the field bucketName, match_phrase may not even be needed! terms will do just fine. The difference between term and match_phrase queries is nicely explained here.