I am using Elasticsearch 5.1.1. While doing a nested query, it is returning 400 Error
My Doc will look like this
{
"_index" : "test",
"_type" : "test_five",
"_source" : {
"doc" : {
"keyword_elas" : "elasticsearch",
}
},
"doc_as_upsert" : true }
This is my Query Code
{
"query": {
"nested": {
"path":"_source",
"query": {
"nested": {
"path": "_source.doc",
"query": {
"match": {
"_source.doc.keyword_elas": "elasticsearch"
}
}
}
}
}
}}
For the above Query i got an exception
elasticsearch.exceptions.RequestError: TransportError(400,
u'search_phase_execution_exception', u'failed to create query: {\n
"nested" : {\n "query" : {\n "nested" : {\n
Is this an exception due to some Query Mistake ? or any Version problem...
Thank You
I am not quite sure why you're using a nested query in this environment.
If I have a document like this :
{
"_index" : "test",
"_type" : "test_five",
"_source" : {
"doc" : {
"keyword_elas" : "elasticsearch",
}
},
"doc_as_upsert" : true }
And my goal is to match the keyword_elas field. All I would do is :
GET test/test_five/_search
{
"query": {
"match" : {
"keyword_elas" : "elasticsearch"
}
}
}
Exact Matches :
Analyzed field :
GET test/test_five/_search
{
"query": {
"match" : {
"keyword_elas" : "elasticsearch",
"fuzziness": "0"
}
}
}
Note : If you have a document in keyword_elas that contains elasticsearch ABC , this query will work because it will be zero fuzziness on the first token (elasticsearch).
For not analyzed fields (fully exact match)
GET test/test_five/_search
{
"query": {
"term" : { "keyword_elas" : "elasticsearch" }
}
}
If you have two documents in your index with
keyword_elas : elasticsearch
and
keyword_elas : elasticsearch abc
The term query will only match the first document.
Related
When i do a multi-condition query and apply field collapsing to one of the field in the mentioned index i get following error
no mapping found for `search_type.keyword` in order to collapse on
Query Used :
GET /_search
{
"query": {
"bool" : {
"must" : [
{
"match" :
{
"id" : "123456"
}
},
{
"terms": {
"_index": ["history"]
}
}
]
}
},
"collapse" : {
"field" : "search_type.keyword",
"inner_hits": {
"name": "terms",
"size": 10
}
}
}
Error Trace:
{
"shard" : 0,
"index" : "test",
"node" : "UOA44HkATh61krg6ht3paA",
"reason" : {
"type" : "illegal_argument_exception",
"reason" : "no mapping found for `search_type.keyword` in order to collapse on"
}
}
Currently, am applying the query only for index - history but the result throws exception for indexes that i haven't mentioned. Please help how to narrow down field collapsing to a particular index.
It appears to be a bug, but if you notice your result carefully, you should be able to view the response you are looking for at the very end after all the such errors are observed.
But then again why not add the index name to the front and modify your query as below:
POST history/_search <---- Add index name here
{
"query": {
"bool": {
"must": [
{
"match": {
"id": "123456"
}
}
]
}
},
"collapse" : {
"field" : "search_type.keyword",
"inner_hits": {
"name": "terms",
"size": 10
}
}
}
Upon trying to emulate the following expression in ES
expr1 && expr2 && expr3
And I came up with this
curl -X GET "http://localhost:9200/policy_router-2019.12.30/_search?pretty" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must" : [
{
"range" : { "#timestamp": { "gte": "now-15s", "lte": "now"} }
},
{
"query_string": { "query": "rewriteGateway", "default_field" : "message" }
},
{
"query_string": {"query": "policy-router-summer-snow-5555" ,"default_field" : "host" }
}
]
}
}
}'
But, it seems I'm not able to equate what I want, correctly with the above query. i.e every time I run the above query I see the documents which has host value different what I want it to be i.e policy-router-summer-snow-5555 here
I also tried nesting must inside the outer must but that resulted in a syntax error.
I'm failing to understand why does the last query_string expression for the host does not match.
Following is my ES version
{
"name" : "an2FbQZ",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "gIk5QPI3Rb6NPckeCRaUqQ",
"version" : {
"number" : "5.5.2",
"build_hash" : "b2f0c09",
"build_date" : "2017-08-14T12:33:14.154Z",
"build_snapshot" : false,
"lucene_version" : "6.6.0"
},
"tagline" : "You Know, for Search"
}
Following is how my document looks like (this is one of the documents returned for the above query, it can be seen clearly that the host does not match)
{
"_index" : "policy_router-2019.12.31",
"_type" : "policy_router",
"_id" : "AW9aG7_1tIiuv3oe07ZO",
"_score" : 4.6003995,
"_source" : {
"severity" : "INFO",
"input" : "udp",
"#timestamp" : "2019-12-31T03:59:25.107Z",
"#version" : "1",
"host" : "policy-router-proud-cherry-2098",
"message" : "2019-12-31 03:59:25.107111 I [PolicyRouter::Push] PolicyRouter -- PR -> LA ... rewrite gateway ... ",
"type" : "policy_router"
}
}```
Any guidance here from ES expert.
Try this query along with your field's name and value.
{
"query": {
"bool": {
"must": [
{
"range": {
"FIELD": {
"gte": 10,
"lte": 20
}
}
},
{
"match_phrase": {
"FIELD": "PHRASE"
}
},
{
"match_phrase": {
"FIELD": "PHRASE"
}
}
]
}
}
}
How can I search for documents that have all of the specified tags in the following query? I tried minimum_should_match and "execution": "and", but none of them is supported in my query.
GET products/fashion/_search
{
"query": {
"constant_score": {
"filter" : {
"bool" : {
"must" : [
{"terms" : {
"tags" : ["gucci", "dresses"]
}},
{"range" : {
"price.value" : {
"gte" : 100,
"lt" : 1000
}
}}
]
}
}
}
},
"sort": { "date": { "order": "desc" }}
}
====== UPDATE
I found a way to build my queries. The task was to reproduce the following mongodb query in the elasticsearch:
{
"tags": {
"$all":["gucci","dresses"]
},
"price.value":{"$gte":100,"$lte":1000}
}
And here is my elasticsearch query
GET products/fashion/_search
{
"query": {
"bool" : {
"filter" : [
{"term" : {
"tags" : "gucci"
}},
{"term" : {
"tags" : "dresses"
}},
{"range" : {
"price.value" : {
"gte" : 100,
"lt" : 1000
}
}}
]
}
}
}
Do you have a mapping defined for your index? By default, Elasticsearch will analyze string fields. If you want to find exact terms like you are above, you need to specify them as not_analyzed in the mapping.
https://www.elastic.co/guide/en/elasticsearch/guide/current/_finding_exact_values.html#_term_filter_with_text
I have a Elasticsearch 2.4.0 installation. Now I would like to use highlight information. With the following query I get a result list with some hits, but no highlights. Any idea?
Regards CL
{
"query": {
"query_string" : {
"query": "harley"
}
},
"highlight" : {
"pre_tags" : ["<tag1>"],
"post_tags" : ["</tag1>"],
"fields" : {
"GivenName" : {},
"FamilyName" : {}
}
}
}
I am new to Elasticsearch. I have a filtered query as follows
{
"query": {
"filtered" : {
"query" : {
"term" : {
"title" : "crime"
}
},
"highlight" : {
"fields" : {
"title" : {}
}
},
"filter" : {
"term" : { "year" : 1961 }
}
}
}
}
When I tried this query and got the error:
[filtered] query does not support [highlight]
Does filtered query support highlight? If not, how can I achieve highlight in query with filters? I have to use filters.
Thanks and regards!
The "highlight" parameter should go at the same level as the "query" parameter, not embedded within it. In your case it should look something like this:
{
"query": {
"filtered" : {
"query" : {
"term" : {
"title" : "crime"
}
},
"filter" : {
"term" : { "year" : 1961 }
}
}
},
"highlight" : {
"fields" : {
"title" : {}
}
}
}
Highlighting reference
Highlights problems with a filtered query