I have a field which store the insert time,such as 2016-10-10 11:00:00.000,I tried keyword type and date type,they all meet the range requirements,such as
{
"query": {
"range" : {
"time" : {
"gte" : "2016-10-10 11:00:00.000",
"lte" : "2016-10-10 12:00:00.000"
}
}
}
}
keyword and date type which is better?
In your case, since you're storing dates, it's more appropriate to use the date data type, indeed. Internally, those dates will be stored as a long timestamps and the range query will be run on them, so that you have a numerical range.
keyword is intended to be used for string data. If you store those dates as keyword, your dates will be stored as unanalyzed strings and the range query that will be run on them will consider them as a lexical range.
If you ever need to create date_histogram aggregation out of those dates, the keyword type won't do it. So you should definitely prefer the date data type.
Related
I want to perform an exact match over decimal values.
I have submitted two applications , for first application with annual salary as 99999868.10 and the other as 99999868.99.
When I do a query for 99999868 or I search 99999868.10 it returns me both the data , whereas I expect it to return only the exact match for it
The query I am executing is :
GET index/_search
{"query": {
"term": {
"Annual Salary": {
"value": "99999868"
}
}
}
}
Change mapping of salary field to numeric type and re index data
Numeric type reference : - https://www.elastic.co/guide/en/elasticsearch/reference/current/number.html
use match_phrase and let me know. Actually, it will solve your problem.
I am querying an Elasticsearch index using the values of a field. Sometimes, I have to extract all the documents having a field set to exactly one value; Some other times I have to retrieve all the documents having a field, set with one of the values in a list of values.
The latter use case contains the former. Can I use a single query using the terms construct?
POST /_search
{
"query": {
"terms" : { "user" : ["kimchy", "elasticsearch"]}
}
}
Or, in cases I know I need to search only for a unique value, it is better to use the term construct?
POST _search
{
"query": {
"term" : { "user" : "kimchy" }
}
}
Which approach is better regarding performance? Does Elasticsearch perform any optimization if the value in the terms construct is unique?
Thanks to all.
See this link. Terms query is automatically cached while term query is not . So, the next you run the same query, the took time for query for execution will be faster. So if you have a case where you need to run the same query again and again, terms query is a good choice. If not, there is not much of difference between the two.
I have a date field defined in index as
"_reportDate": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
}
and I have a query to query from _source field which gives _reportDate field in string of 2015-12-05 01:05:00.
I can't seems to find a way to get date in different date format during query retrieval apart from using script field (which is not preferable). From what I understand a date field will be parse to long value to be indexed in elastic search, can we retrieve the long value as well during elasticsearch query?
You need to store the field and at search time ask for this stored field.
If it does not work you can always apply the script at index time with ingest feature and a script processor.
I saved a type of datetime data to ES, in the search results, this field type was converted into a timestamp(integer), is there any way to turn into a string(just by modifying the query parameters)?
You can specify fields in the query then elasticsearch returns the fields in the format that you originally stored it:
You have two options ,
You can specify the date format at index time and return the same.
You can use scripts to format the date in the format you need.
curl -XGET http://localhost:9200/myindex/test/_search?pretty -d '
{
"query":{
"match_all":{ }
},
"script_fields":{
"aDate":{
"script":"if (!_source.myDate?.equals('null')) new java.text.SimpleDateFormat('yyyy-MM-dd\\'T\\'HH:mm:ss').format(new java.util.Date(_source.myDate));"
}
}
}'
I would choose the firat one as scripts are generally a lot more expensive.
The question I have is if there is a way to use a terms include on a numeric field in an elasticsearch aggregation.
I am using a generic query for multiple fields in elastic search and this is fine as most of my fields are string values and I can specify the unique field with an include. However one of my fields is a numeric value and is throwing this error:
"cannot support regular expression style include/exclude settings as
they can only be applied to string fields"
So my question is, is there a an equivalent to string matching include for numeric values? I have tried using a range set from say 9 to 9 to match but it is not returning anything and unfortunately is keyed by the specified range and not the value of the specified field which is what I desire. Any input would be appreciated!
Thanks!
You can pass numbers inside an array like this for exact match
{
"size": 0,
"aggs": {
"numeric_agg": {
"terms": {
"field": "my_field",
"include": [1,2,3]
}
}
}
}
Hope this helps!