I want to do multiple text search in same field
for example in sub_cat_seo_url field i want to get 'english-news' and 'business-news' filter by language and region
when i tried like below code it is not working
{
"query":{
"filtered":{
"query":{
"query_string":{
"query":[
"english-news",
"business-news"
],
"fields":[
"sub_cat_seo_url"
]
}
},
"filter":{
"bool":{
"must":[
{
"term":{
"lang":"en"
}
},
{
"term":{
"region":"1"
}
}
]
}
}
}
}
}
For single text search it is working fine
{
"query":{
"filtered":{
"query":{
"query_string":{
"query":"english-news",
"fields":[
"sub_cat_seo_url"
]
}
},
"filter":{
"bool":{
"must":[
{
"term":{
"lang":"en"
}
},
{
"term":{
"region":"1"
}
}
]
}
}
}
}
}
Please help what have to change in my code, to do multi text search in same field (or operation)
Thanks
Thanigaivelan
Try out this
{
"query": {
"filtered": {
"query": {
"query_string": {
"query": "\"english-news\" AND \"business-news\"",
"fields": [
"sub_cat_seo_url"
]
}
},
"filter": {
"bool": {
"must": [
{
"term": {
"lang": "en"
}
},
{
"term": {
"region": "1"
}
}
]
}
}
}
}
}
Related
Hi Bellow Search provides me Log where it has both "value": "HB" and "value": "1234567" as, I am using Term, however, What I am looking for this if this match
("value": "HB" OR "value": "TR" ) AND "value": "1234567"
but not understanding how to do in below,
Can anyone please help me
GET _search
{ "query": { "bool": { "must": [ { "match": {"log.file.path":"mylog.log" } }
{
"term": {
"GPS-LOG.COMMAND": {
"value": "HB"
}
}
},
{
"term": {
"GPS-LOG.IMEI": {
"value": "1234567"
}
}
}
], "filter": {
"range": {
"#timestamp": {
"gte": "now-10m"
}
} }
} }
At first glace, it seems like this should have a simple solution. However, since you are using the term query, you can only search one value at a time. I don't know your mapping but if you are using a text field you shouldn't be using term query.
However, to solve this using the term query, you have to create the OR operator using the minimum_should_match combined with should.
See the following code:
GET _search
{
"query":{
"bool":{
"must":[
{
"match":{
"log.file.path":"mylog.log"
}
},
{
"term":{
"GPS-LOG.IMEI":{
"value":"1234567"
}
}
},
{
"bool":{
"should":[
{
"term":{
"GPS-LOG.COMMAND":{
"value":"HB"
}
}
},
{
"term":{
"GPS-LOG.COMMAND":{
"value":"TR"
}
}
}
],
"minimum_should_match":1
}
}
],
"filter":{
"range":{
"#timestamp":{
"gte":"now-10m"
}
}
}
}
}
}
I have some questions about nested query.
Here is my example. The mapping is {"user":"nested"}.The exist data just like this:
{
"user": [
{
"first":"John",
"last":"Smith"
},
{
"first":"Alice",
"last":"White"
}
]
}
How do I create a query to find this document that meets all the conditions:
the first object of user that its "first" is "John" and "last" is "Smith";
the second object of user that its "first" is "Alice" and "last" is "White"
Try with below query :
{
"query":{
"bool":{
"filter":[
{
"bool":{
"must":[
{
"bool":{
"must":[
{
"nested":{
"query":{
"bool":{
"must":[
{
"match_phrase":{
"user.first":{
"query":"John"
}
}
},
{
"match_phrase":{
"user.last":{
"query":"Smith"
}
}
}
]
}
},
"path":"user"
}
},
{
"nested":{
"query":{
"bool":{
"must":[
{
"match_phrase":{
"user.first":{
"query":"Alice"
}
}
},
{
"match_phrase":{
"user.last":{
"query":"White"
}
}
}
]
}
},
"path":"user"
}
}
]
}
}
]
}
}
]
}
}
}
Below query is what you are looking for. You simply need to have two nested queries, one for each conditions you've mentioned, combined in a bool using must clause.
Note that I'm assuming that the fields user.first and user.last are of text type having standard analyzer
POST <your_index_name>
{
"query":{
"bool":{
"must":[
{
"nested":{
"path":"user",
"query":{
"bool":{
"must":[
{
"match":{
"user.first":"john"
}
},
{
"match":{
"user.last":"smith"
}
}
]
}
}
}
},
{
"nested":{
"path":"user",
"query":{
"bool":{
"must":[
{
"match":{
"user.first":"alice"
}
},
{
"match":{
"user.last":"white"
}
}
]
}
}
}
}
]
}
}
}
Hope this helps!
The answer is:
{
"query": {
"bool": {
"must": [
{
"has_parent": {
"parent_type": "doc",
"query": {
"bool": {
"must": [
{
"terms": {
"id": [
713
]
}
},
{
"range": {
"created": {
"lte": "now/d"
}
}
},
{
"range": {
"expires": {
"gte": "now/d"
}
}
}
]
}
}
}
},
{
"nested": {
"path": "prices",
"query": {
"bool": {
"filter": [
{
"term": {
"prices.id_prcknd": 167
}
}
]
}
}
}
},
{
"term": {
"doc_type": "item"
}
},
{
"bool": {
"should": [
{
"term": {
"have_prices": true
}
},
{
"term": {
"is_folder": true
}
}
]
}
}
],
"must_not": {
"exists": {
"field": "folder"
}
}
}
},
"sort": [
{
"is_folder": {
"order": "desc"
}
},
{
"title_low.order": {
"order": "asc"
}
}
],
"size": 1000
}
I need to filter an ES query where the value of a date field is LTE a given value or the field is missing altogether. Here's my query at this point:
{
"from":0,
"size":50,
"query":{
"bool":{
"filter":[
{
"term":{
"corpusid.string.as_is":"42:6:4"
}
},
{
"nested":{
"path":"category.object",
"query":{
"bool":{
"must":[
{
"bool":{
"should":[
{
"range":{
"category.object.startdate":{
"lte":"2021-03-09T19:32:11.316Z"
}
}
},
{
"must_not":[
{
"exists":{
"field":"category.object.startdate"
}
}
]
}
]
}
}
]
}
}
}
}
]
}
}
}
When I submit that query, I get the error "[must_not] query malformed, no start_object after query name". We're running ElasticSearch version 5.3.1 in case that matters.
I refactored the query a bit. Removed a must, added a bool for the must_not.
{
"from":0,
"size":50,
"query":{
"bool":{
"filter":[
{
"term":{
"corpusid.string.as_is":"42:6:4"
}
},
{
"nested":{
"path":"category.object",
"query":{
"bool":{
"should": [
{
"range":{
"category.object.startdate":{
"lte":"2021-03-09T19:32:11.316Z"
}
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "category.object.startdate"
}
}
}
}
]
}
}
}
}
]
}
}
}
I am trying to combine match query and range query but its not working properly.
GET file*/_search
{
"query":{
"bool":{
"should":[
{
"match":{
"message":"timeout"
}
},
{
"match":{
"message":"java.lang.IllegalStateException"
}
},
{
"range":{
"#timestamp":{
"gt":"now-1h",
"lte":"now",
"time_zone":"+01:00"
}
}
}
]
}
}
}
Date filter is not working properly here ,am i doing something wrong here?
Thanks
Replace }, with ], and add filter to query. For example:
{
"query": {
"bool": {
"should": [
{ "match":{ "message":"timeout" }},
{ "match":{ "message":"java.lang.IllegalStateException"}}
],
"filter": [
{ "range": { "#timestamp": { "gt": "now-15m", "lte": "now", "time_zone":"+01:00" }}}
]
}
}
}
I've looked back at some queries I have saved, and it appears I've managed to achieve essentially the same query in three different ways. They all return the same data, but which one is 'correct'? I.e., which one contains no superfluous code and is most performant?
Option 1
{
"query":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
Option 2
{
"query":{
"filtered":{
"filter":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
}
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
Option 3
{
"query":{
"filtered":{
"query":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
}
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
If I were to guess, I'd go for Option 2, as the others appear that they might be running match as query. But the documentation is pretty confusing regarding the correct form that DSL queries should take.
Based on your comment, I'd go for option 2 but with a simple term filter for starters instead of match which isn't allowed in filters.
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"event": "eventname"
}
},
{
"range": {
"#timestamp": {
"gt": "now-70s"
}
}
}
]
}
}
}
},
"aggs": {
"myterms": {
"terms": {
"field": "event"
}
}
}
}