I'm trying to have multiple wildcard query match in my elasticsearch query in Kibana. I can't quite figure it out.
Basically I want any document with an attribute type="erreur"
and I want to exclude all documents that match the strings "An established*" or "java.lang.*" on the field descr_courte
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"wildcard": {
"descr_courte": ["An established*", "java.lang.*"]
}
}
}
}
}
if I put a single wildcard query it works fine
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"wildcard": {
"descr_courte":
"An established*"
}
}
}
}
}
the error I get:
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Can't get text on a START_ARRAY at 1:454"}],"type":"search_phase_execution_exception","reason":"all shards
Any idea?
Try putting them is separate clauses.
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
},
"must_not": [
{
"wildcard": {
"descr_courte": "An established*"
}
},
{
"wildcard": {
"descr_courte": "java.lang.*"
}
}
]
}
}
}
}
My guess is that you can't make an array for wildcard query like ["An established*", "java.lang.*"], so you need to:
{
"query": {
"{
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"regexp": {
"descr_courte": "(An established|java\.lang\.).*"
}
}
}
}
}
More info about regexp query in https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-regexp-query.html
Another option is to combine your query terms with the logical operators NOT, AND and OR in the query string
{
"query": {
"query_string" : {
"query" : "type:erreur AND NOT(descr_courte:An established* OR descr_courte:java.lang.*)"
}
}
}
See more info at https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_wildcards
Related
I'm using ES 7.14/Kibana 7.10, I have to search for adjacent words (any order), hence I'm using this query:
{
"query":{
"bool":{
"must":[
{
"query_string":{
"query":"*antonio* *banderas*",
"fields":[
"text"
],
"default_operator":"and",
}
}]
}
}
}
This works ok for a text plain field. Now, I have a nested field metadata, let's say the mapping is
{
"mappings:": {
"properties": {
"text": {
"type": "text"
},
"metadata": {
"type": "nested",
"properties": {
"text": {
"type": "text"
}
}
}
}
}
}
and I would like to search that nested field in the same way (adjacent words search), so assumed that it's is possibile to write a nested query for query_string in this way
{
"query": {
"query_string": {
"query": "metadata.text:*antonio* *banderas*"
}
}
}
How to adapt this approach to the previous one with default_operator=and etc.? If I do
{
"query": {
"query_string": {
"query": "metadata.text:*antonio* *banderas*",
"default_operator": "and"
}
}
}
I don't get any result (but any error too).
A similar question, but related to matching adjacent words for multiple nested fields is here.
Adjacent word with any order should not be search with query_string but wildcard or match or term or span_term
There is also a mapping type wildcard optimised for this usage, depends on what type of queries you will need.
So for you first example :
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"text": "*antonio*"
}
},
{
"wildcard": {
"text": "*banderas*"
}
}
]
}
}
}
OR
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"text": "*antonio*banderas*"
}
}
]
}
}
}
and for nested queries :
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "metadata",
"query": {
"bool": {
"must": [
{
"wildcard": {
"metadata.text": "*antonio*"
}
},
{
"wildcard": {
"metadata.text": "*banderas*"
}
}
]
}
}
}
}
]
}
}
}
i have elasticsearch 6.8.8, just for an example of my question. I want to create a query that gets me document with "Test" field with value "1", and i don't want to get "Test" field with value of "3", i know that i could write just the first expression without 3 and it will give me one document with value of "1". But i want to know, is there any way, that i can use must and must_not in the same time, on the same field and getting just the value of "1"?
I wrote this basic example to know what i mean:
{
"from": 0,
"query": {
"nested": {
"path": "attributes",
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"match": {
"attributes.key": {
"query": "Test"
}
}
},
{
"match": {
"attributes.value": {
"query": "1"
}
}
}
],
"must_not": [
{
"match": {
"attributes.key": {
"query": "Test"
}
}
},
{
"match": {
"attributes.value": {
"query": "3"
}
}
}
]
}
}
]
}
}
}
}
}
I use attributes as nested field with key-value field that use mapping as string type.
You'll need to leave out attributes.key:Test in the must_not because it filters out all Tests:
GET combine_flat/_search
{
"from": 0,
"query": {
"nested": {
"inner_hits": {},
"path": "attributes",
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"match": {
"attributes.key": {
"query": "Test"
}
}
},
{
"match": {
"attributes.value": {
"query": "1"
}
}
}
],
"must_not": [
{
"match": {
"attributes.value": {
"query": "3"
}
}
}
]
}
}
]
}
}
}
}
}
Tip: use inner_hits to just return the matched nested key-value pairs as opposed to the whole field.
I have data in the following format:
{ "_id":1,
"s_id":121211,
"data_detail":{
"name":"John",
"phone_number":08089320xxx,
"city":"ABC"
}
}
I need to search data through elastic search which will query where s_id=? and any text which is available in data_detail object. Example s_id=121211 AND ABC. I need wildcard on data_detail object.
Keys for the data_detail object is not fixed.
Thanks in advance.
I would consider using a bool query with multi_match and term query like this. I haven't tested this, but something on these lines should work I guess.
GET test_index/_search
{
"query": {
"nested": {
"path": "data_detail",
"query": {
"bool": {
"must": [
{
"multi_match": {
"query": "ABC",
"fields": [
"data_detail.*"
]
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}
}
}
Solved this by using the following query:
{
"query": {
"bool": {
"must": [
{
"query_string":{
"fields":["data_detail.*"],
"query": "*str*",
"analyze_wildcard":true
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}
I have a nested object named 'bundles', that usually contains more than one object. Using this query I can succesfully query on the id of an object in bundles, but I fail to write a query that can query on multiple id's. Suggestions?
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"must": [
{
"match": {
"bundles.id": 43273
}
}
]
}
},
"inner_hits": {}
}
}
}
Perhaps you want "should" instead of "must" in the boolean filter. For example:
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"should": [
{
"match": {
"bundles.id": 43273
},
{
"match": {
"bundles.id": 433373
}
}
]
}
}
}
}
}
You could also use terms query if the field can be matched exactly. For example:
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"must": [
{
"terms": {
"bundles.id": [1140000000, 114]
}
}
]
}
}
}
}
}'
I am trying to implement NOT condition in elasticsearch query.
Can I Implement filter inside bool or I need to write separate
filter as below. Any optimum solution is there?
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "fashion"
}
},
{
"term": {
"post_status": "publish"
}
}
]
}
},
"filter": {
"not": {
"filter": {
"term": {
"post_type": "page"
}
}
}
}
}
You can use a must_not clause:
{
"query": {
"bool": {
"must": [
{
"match": {
"_all": "fashion"
}
},
{
"term": {
"post_status": "publish"
}
}
],
"must_not": {
"term": {
"post_type": "page"
}
}
}
}
}
Also, I'd recommend using a match filter instead of query_string, as query_string requires the much more strict Lucene syntax (and is therefor more error prone), whereas match works more like a search box: it will automatically transform a human readable query to a Lucene query.