Develop Reference

Get unique data from a field using ElasticSearch query DSL in Kibana

I have already various queries that collect data and show it in the Kibana dashboard.
Now I would like to get unique values from my result data. How can I write the query DSL for that.
Basically I would like to get unique value for the field contextMap.connectionid. Is there a way do achieve that using something similar to this example?
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "app",
"query": {
"bool": {
"must": [
{
"match": {
"app.key": "contextMap.connectionid"
}
}
]
}
}
}
}
]
}
}
}

You can calculate distinct count with the help of aggregation .
So, your search query is :
Search Query :
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "app",
"query": {
"bool": {
"must": [
{
"match": {
"app.key": "contextMap.connectionid"
}
}
]
}
}
}
}
]
}
},
"aggs": {
"uniqueconnectionId": {
"terms": {
"field": "contextMap.connectionid.keyword"
}
}
}
}
You can refer here for calculating distinct values of a field https://discuss.elastic.co/t/get-distinct-values-from-a-field-in-elasticsearch/99783

Elasticsearch conditional query for nested array

Using the following document, I'm trying to perform an Elasticsearch keyword query, conditionally excluding field data from the scope of the search. Is this possible?
{
"Name":"doc1",
"UserData":[
{
"EnteredBy":"Eric",
"Description":"Desc entered by Eric, abc"
},
{
"EnteredBy":"Alex",
"Description":"Desc entered by Alex, def"
}
]
}
The Elasticsearch query I need will allow me to search across the whole document, except it should exclude from the search UserData items where EnteredBy does not match the specified user.
The following queries would return results:
User:Eric doc1
User:Eric abc
User:Alex doc1
User:Fred doc1
The following queries would not return results:
User:Eric def
User:Fred def
Everything I've tried thus far, ends up filtering content based on the presence of UserData nodes which apply to the specified user. I can't think of a way to specify that a field should be searched, only if the EnteredBy field matches.
I could restructure the document, if that would solve the problem.
Edit 1
The index..
PUT index1
{
"settings": {
"number_of_shards": 2,
"number_of_replicas": 0
},
"mappings": {
"properties" : {
"UserData" : {
"type":"nested"
},
"Name": {
"type":"text"
}
}
}
}
Edit 2
The query below is providing the results that I need, except for the child entity, I have to search in a specific field. If I change the second condition of the nested search into a query_string search, then it no longer uses the EnteredBy condition.
GET index1/_search
{
"query": {
"bool": {
"should": [
{
"nested":
{
"path": "UserData",
"query": {
"bool": {
"must": [{
"match": {
"UserData.EnteredBy": "Eric"
}},
{
"match": {
"UserData.Description": "def"
}
}]
}
}
}
},
{
"query_string":
{
"query": "doc1x"
}
}
]
}
}
}

This query appears to be working. I think I answered my own question.
GET index1/_search
{
"query": {
"bool": {
"should": [
{
"nested":
{
"path": "UserData",
"query": {
"bool": {
"must": [{
"match": {
"UserData.EnteredBy": "Eric"
}},
{
"query_string": {
"query": "def"
}
}]
}
}
}
},
{
"query_string":
{
"query": "doc1"
}
}
]
}
}
}

Elastic Search - Query with dynamic object and wildcard

I have data in the following format:
{ "_id":1,
"s_id":121211,
"data_detail":{
"name":"John",
"phone_number":08089320xxx,
"city":"ABC"
}
}
I need to search data through elastic search which will query where s_id=? and any text which is available in data_detail object. Example s_id=121211 AND ABC. I need wildcard on data_detail object.
Keys for the data_detail object is not fixed.
Thanks in advance.

I would consider using a bool query with multi_match and term query like this. I haven't tested this, but something on these lines should work I guess.
GET test_index/_search
{
"query": {
"nested": {
"path": "data_detail",
"query": {
"bool": {
"must": [
{
"multi_match": {
"query": "ABC",
"fields": [
"data_detail.*"
]
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}
}
}

Solved this by using the following query:
{
"query": {
"bool": {
"must": [
{
"query_string":{
"fields":["data_detail.*"],
"query": "*str*",
"analyze_wildcard":true
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}

How to check how many documents do not exist out of a list in elasticsearch

What will be the query to retrieve the number of documents not found in a query
This is my Query
$params['body']['query']["bool"]["filter"]["terms"]["feild"] = (list);
I want to retrieve the documents not found from the list.
If my List has (A,B,C). i just need to know that C is not indexed. I don't Need A,B,D,E,F or all of the remaining documents in index.

You can use must_not clause to achieve the negation of your query as shown below:
GET my-index/_search
{
"query": {
"constant_score": {
"filter": {
"bool": {
"must_not": {
"terms": {
"field": [
"value-1", "value-2"
]
}
}
}
}
}
}
}

must_not with aggregation will give more details about that field values which you are not expecting :-
{
"_source":false,
"query": {
"bool": {
"must_not": [
{"term": {"aFieldName": "aFieldValue"}}
]
}
},
"aggregations": {
"byLocation": {
"terms": {
"field": "aFieldName"
}
}
}
}

Elastic search query according to MySQL Group by clause

I am using Elasticsearch I want to write a query for getting unique record on the basis of query and group:
SELECT * from users where name='%john%', age='21', location='New York' group by name
Could you please let me know how to write the query in elasticsearch with query.

It would go something like this. You need a filtered query with a query_string in the query part to match *john* and then two filters in the filter part to match the age and the location. Finally, the grouping is achieved using a terms aggregation.
{
"query": {
"query": {
"query_string": {
"query": "*john*",
"default_field": "name"
}
},
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"age": 21
}
},
{
"term": {
"location": "New York"
}
}
]
}
}
}
},
"aggs": {
"group_by_name": {
"terms": {
"field": "name"
}
}
}
}