I have been using/mapping the string field to being index: "not_analyzed" but still not able to get search results for capital letter strings ?? I searched the whole internet inside out , but there is no simple workaround.
Sample data:
{
"job_status":"Finished",
"build_number":"94",
"build_duration":778,
"#timestamp":"1455317284293",
"build_result":"UNSTABLE",
"slave_node":"tiny-cmsbuild03",
"job_name":"DMWM-WMCore-RunTests-Oracle"
},
{
"job_status":"Finished",
"build_number":"96",
"build_duration":859,
"#timestamp":"1455662929042",
"build_result":"UNSTABLE",
"slave_node":"tiny-cmsbuild02",
"job_name":"DMWM-WMCore-RunTests-Oracle"
},
{
"job_status":"Finished",
"build_number":"89",
"build_duration":385,
"#timestamp":"1454453359226",
"build_result":"UNSTABLE",
"slave_node":"tiny-cmsbuild06",
"job_name":"DMWM-WMCore-RunTests-Oracle"
}
kibana3 is making this query:
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "job_name:D*"
}
}
]
}
},
"filter": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
}
}
}
but get no results.
The reason you don't get any results is because the query_string query has a parameter called lowercase_expanded_terms which is true by default.
What it does is to lowercase the query string you're passing to it, so that job_name:D* becomes job_name:d*, hence why nothing is matching.
However, if you query like this, i.e. by setting lowercase_expanded_terms to false, it will work:
curl -XGET localhost:9200/your_index/_search?lowercase_expanded_terms=false&q=job_name:D*
Related
My knowledge of Elasticsearch is a bit limited, so what I want to do might not even be possible.
Say I have an ecommerce where I want to be able to freely search on the article names and other fields, but I also want to search on exact article codes aswell. Is this possible in the same query?
Example:
"articlecode": "v400",
"name": "Earplugs for humans"
}
{
"articlecode": "b6655",
"name": "Hammer 400"
}
So can a query be written that combines both multimatch and terms? So that If I search for '400' I get 2 results, but if I search for v400 I just get one result as it is an exact match on the "articlecode"-field.
Below is our current query, where i have an ngram on the "name" field and where I use the term-keyword on the language-field.
{
"size": 10,
"query": {
"bool": {
"must": {
"multi_match": {
"query": "v400",
"fields": [
"articlecode^10",
"name^7"
]
}
},
"filter": {
"term": {
"IdLang.keyword": "sv"
}
}
}
}
}
Have you ever thought of using query_string instead of multi_match? Then you can use wildcard in your search:
{
"size": 10,
"query": {
"bool": {
"must": {
"query_string": {
"query": "*v400",
"fields": [
"articlecode^10",
"name^7"
]
}
}
}
}
}
If you want to search with 400 anywhere in the 2 fields, you can do *400*, or only leading or trailing, depending on what you want.
How do I pass a list as query string to match_phrase query?
This works:
{"match_phrase": {"requestParameters.bucketName": {"query": "xxx"}}},
This does not:
{
"match_phrase": {
"requestParameters.bucketName": {
"query": [
"auditloggingnew2232",
"config-bucket-123",
"web-servers",
"esbck-essnap-1djjegwy9fvyl",
"tempexpo",
]
}
}
}
match_phrase simply does not support multiple values.
You can either use a should query:
GET _search
{
"query": {
"bool": {
"should": [
{
"match_phrase": {
"requestParameters.bucketName": {
"value": "auditloggingnew2232"
}
}
},
{
"match_phrase": {
"requestParameters.bucketName": {
"value": "config-bucket-123"
}
}
}
]
},
...
}
}
or, as #Val pointed out, a terms query:
{
"query": {
"terms": {
"requestParameters.bucketName": [
"auditloggingnew2232",
"config-bucket-123",
"web-servers",
"esbck-essnap-1djjegwy9fvyl",
"tempexpo"
]
}
}
}
that functions like an OR on exact terms.
I'm assuming that 1) the bucket names in question are unique and 2) that you're not looking for partial matches. If that's the case, plus if there are barely any analyzers set on the field bucketName, match_phrase may not even be needed! terms will do just fine. The difference between term and match_phrase queries is nicely explained here.
I want to find the record in my elasticsearch index where it should match field "connectorSpecific.hostname.keyword" with value "tyco-fire.com" and field "hasForms" with value true.
Below is my elasticsearch query:
GET index1/_search
{
"query": {
"bool": {
"should": [
{ "match": { "connectorSpecific.hostname.keyword": "tyco-fire.com" }},
{ "match": { "hasForms": true }}
]
}
}
}
This query is returning records which also has field "hasForms" with value false. Not sure why.I am using a boolean should query.Any help is appreciated
If you want both constraints to match, then you should use bool/filter (or bool/must would work as well but since you're doing exact matching, you don't need scoring at all), like this:
GET index1/_search
{
"query": {
"bool": {
"filter": [
{ "match": { "connectorSpecific.hostname.keyword": "tyco-fire.com" }},
{ "match": { "hasForms": true }}
]
}
}
}
I am trying to write a query in elasticsearch with an exact match on multiple fields
I have the following query for an exact match for a single field:
GET /index/data/_search
{
"query": {
"term": {
"table":"abc"
}
}
}
Here the key is "table" and the value is "abc". I would like to add another key called "chair" with value "def for the exact match query.
Use a bool+must or bool+filter query, both act as logical and operator:
GET /index/data/_search
{
"query": {
"bool": {
"must": [
{
"term": {
"table":"abc"
},
{
"term": {
"chair":"def"
}
]
}
}
}
Perhaps it's a basic question; by the way, I need to search in every indexed field and to have a specific fixed value for another field.
How can I do it?
Currently I have a simple: query( "aValue", array_of_models )
I tried many options without success, for example:
query({
"query": {
"bool": {
"query": "aValue",
"filter": {
"term": {
"published": "true"
}
}
}
}
})
I would prefer to avoid to specify the fields to search in because I use the same search params for different models.
I found a solution, perhaps it's not optimized but works:
{
"query": {
"bool": {
"should": [
{
"match": {
"_all": "aValue"
}
}
],
"filter": {
"term": {
"published": true
}
}
}
}
}
Not sure if I understood correctly your intention.
The _all field is as default enabled. So if you have no special mapping every indexed field value is added as text string to the _all field.
You can use the
Query String Query, https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html
Simple Query String Query, https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html
With a simple query like this, that should work for you.
GET my_index/_search
{
"query": {
"simple_query_string": {
"query": "aValue",
"fields": []
}
}
}
Both query types contains parameters, that should suffice your use case IMHO.