Elasticsearch search body from URL search - elasticsearch

If I do a search directly to elasticsearch in a browser, such as:
http://localhost:9200/mydocs/_search?q=Awesome%20Search
What does the search body data actually look like? Is it doing a multi_match and including all fields? I've tried writing a multi_match including all the fields and I get different results from doing it right in the browser.

?q=.... is not a multi_match query; it is a URI query, and it uses the query_string query.
So your search is "translated" to:
{
  "query": {
    "query_string": {
      "query": "Awesome Search"
    }
  }
}

You need to pass the multi_match query as the request body, like this:
curl -XGET 'http://localhost:9200/your_index/_search?pretty=true' -H 'Content-Type: application/json' -d '{"query":{"multi_match":{"query":"keyword","fields":["field1","field2"]}}}'

Related

Elasticseach query filter/term not working when special characters are involved

The following query is not working when "metadata.name" has "-" in the text, like "demo-application-child3". But if I remove "-" and change the query to "demoapplicationchild3", it works. The same happens with the other field, metadata.version. I have the data for both demoapplicationchild3 and demo-application-child3. Suggestions please.
{
  "query": {
    "bool": {
      "filter": [
        {"term": { "metadata.name": "demo-application-child3" }},
        {"term": { "metadata.version": "00.00.100" }}
      ]
    }
  }
}
term queries are not analyzed; see the official doc, which clearly mentions this:
Returns documents that contain an exact term in a provided field.
This clearly means that at index time you are using some custom analyzer which is removing - and joining the tokens, i.e. for demo-application-child3 your custom analyzer would be generating the token demoapplicationchild3, which you can easily confirm using the Analyze API.
If you want to get results, either change the term query to a match query, or use the .keyword suffix with your field if the mapping is generated dynamically, or create another field of type keyword which uses a no-op analyzer.
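The difference between term, match and a keyword field can be seen in a toy inverted index. This is an added example, not code from the answer; it assumes a simplified analyzer that lowercases and splits on non-alphanumeric characters (the page does not show the index's real analyzer), and the names `analyze`, `Field` and `run_queries` are hypothetical.

```python
import re
from collections import defaultdict


def analyze(text):
    """Simplified analyzer (assumption): lowercase, split on non-alphanumerics."""
    return [tok for tok in re.split(r"[^0-9a-z]+", text.lower()) if tok]


class Field:
    """Toy inverted index for one field: token -> set of document ids."""

    def __init__(self, analyzed):
        self.analyzed = analyzed          # False models a keyword field
        self.postings = defaultdict(set)

    def index(self, doc_id, value):
        for tok in (analyze(value) if self.analyzed else [value]):
            self.postings[tok].add(doc_id)

    def term(self, value):
        # term query: the value is looked up exactly as given, never analyzed
        return set(self.postings.get(value, ()))

    def match(self, value):
        # match query: the value goes through the same analyzer (OR semantics)
        hits = set()
        for tok in analyze(value):
            hits |= self.postings.get(tok, set())
        return hits


# Constructed sample documents, not data from the page.
DOCS = {1: "demo-application-child3", 2: "demoapplicationchild3", 3: "demo-service"}


def run_queries(value="demo-application-child3"):
    text, keyword = Field(analyzed=True), Field(analyzed=False)
    for doc_id, name in DOCS.items():
        text.index(doc_id, name)
        keyword.index(doc_id, name)
    return {
        "term on text field": text.term(value),
        "match on text field": text.match(value),
        "term on keyword field": keyword.term(value),
    }


if __name__ == "__main__":
    for label, hits in run_queries().items():
        print(f"{label}: {sorted(hits)}")
```

In this model the match query also returns the constructed "demo-service" document because it shares the token demo, while the term query on the keyword field returns only the exact value.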

Field exists (_exists_) query in Kibana does not return any results

This query works great from Kibana's Console:
GET /_search
{
  "query": {
    "query_string": {
      "query": "_exists_:my.field"
    }
  }
}
However if I search for _exists_:my.field in the Lucene search box on the Discover tab, I get no results.
Either:
Disable the new search syntax and revert to Lucene syntax, where this query works. This is under the "Options" button at the far right of the search field.
Use the new syntax, where the query is instead my.field:*.

ElasticSearch: Using match_phrase for all fields

As a user of ElasticSearch 5, I have been using something like this to search for a given phrase in all fields:
GET /my_index/_search
{
  "query": {
    "match_phrase": {
      "_all": "this is a phrase"
    }
  }
}
Now, the _all field is going away, and match_phrase does not seem to work like query_string, where you can simply use something like this to run a search for all fields:
"query": {
  "query_string": {
    "query": "word"
  }
}
What is the alternative for an exact phrase search for all fields without using the _all field from version 6.0?
I have many fields per document so specifying all of them in the query is not really a solution for me.
You can find the answer in the Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-all-field.html
It says:
Use a custom field and the mapping copy_to parameter
So, you have to create custom fields in source, and copy all other fields to it.
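For an index with many fields, the copy_to parameter can be added to the mapping programmatically rather than by hand. This is an added example, not code from the answer; the target field name `all_text`, the sample mapping and the function names are assumptions.

```python
import copy
import json


def add_copy_to(properties, target="all_text"):
    """Return a copy of a mapping's "properties" in which every text/keyword
    field copies its value into `target`, plus the target field itself."""
    out = copy.deepcopy(properties)

    def walk(props):
        for spec in props.values():
            if "properties" in spec:                  # object field: recurse
                walk(spec["properties"])
            elif spec.get("type") in ("text", "keyword"):
                existing = spec.get("copy_to", [])
                if isinstance(existing, str):         # copy_to may be a string or a list
                    existing = [existing]
                if target not in existing:
                    spec["copy_to"] = existing + [target]

    walk(out)
    out[target] = {"type": "text"}                    # the custom catch-all field
    return out


def phrase_query(phrase, target="all_text"):
    """match_phrase against the catch-all field instead of _all."""
    return {"query": {"match_phrase": {target: phrase}}}


# Constructed sample mapping, not taken from the page.
SAMPLE_PROPERTIES = {
    "title": {"type": "text"},
    "tags": {"type": "keyword"},
    "views": {"type": "integer"},
    "author": {"properties": {"name": {"type": "text"}}},
}

if __name__ == "__main__":
    print(json.dumps({"properties": add_copy_to(SAMPLE_PROPERTIES)}, indent=2))
    print(json.dumps(phrase_query("this is a phrase"), indent=2))
```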

Which query does the search api execute by default in elasticsearch

In Elasticsearch, I can access the default search API like
server:9200/index/_search?q=keyword
but how can I replicate this if I am building the query myself? I've tried multi_match and query string, but the result set seems a bit different from the default search API.
PS: I am using the Elasticsearch PHP client, if that matters.
The equivalent query to server:9200/index/_search?q=keyword is a query_string query like this one
{
  "query": {
    "query_string": {
      "query": "keyword"
    }
  }
}

What elastic search request body is equivalent to URI search?

If I made a request using the URL:
http://myserver/stuff/stuff/_search?q=TEST
Then what is the equivalent document that I would POST to that endpoint without a query string?
I've tried:
{
  "query": {
    "term": { "_all": "TEST" }
  }
}
But with how our indexes are set up this doesn't return anything (but ?q=TEST does). The most basic search example in the API specifies a field to search against and I don't want to do that. I want to search as open ended and unrestricted as if I had used the query string.
As mentioned in the official documentation, a URI search query string query (i.e. q=...) is equivalent to sending a query_string query in the body.
So this
curl -XGET 'http://myserver/stuff/stuff/_search?q=TEST'
is equivalent to this
curl -XPOST 'http://myserver/stuff/stuff/_search' -H 'Content-Type: application/json' -d '{
  "query": {
    "query_string": {
      "query": "TEST"
    }
  }
}'
Both queries will default to searching against the _all field, which is what you want.
q: The query string (maps to the query_string query, see Query String Query for more details).
From the documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/2.x/search-uri-request.html
This is the corresponding query DSL:
{
  "query": {
    "query_string": { "query": "TEST", "default_field": "_all" }
  }
}
Also relevant:
The default field for query terms if no prefix field is specified. Defaults to the index.query.default_field index settings, which in turn defaults to _all.
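The translation described in the answers above (the first question on this page and the two "equivalent body" questions) can be written as a small converter from a URI search URL to the request body. This is an added example, not code from any of the answers; the function name `uri_search_to_body` is hypothetical, and only a subset of the URI search parameters is handled.

```python
import json
from urllib.parse import urlsplit, parse_qs

# URI search parameters that become options of the query_string query.
QUERY_STRING_PARAMS = {
    "df": "default_field",
    "default_operator": "default_operator",
    "analyzer": "analyzer",
    "analyze_wildcard": "analyze_wildcard",
    "lenient": "lenient",
}
# URI search parameters that become top-level keys of the request body.
BODY_PARAMS = ("from", "size", "explain")


def _coerce(value):
    """Turn URL strings into JSON booleans or integers where they look like one."""
    if value in ("true", "false"):
        return value == "true"
    return int(value) if value.isdigit() else value


def uri_search_to_body(url):
    """Return (path, body) for the request-body form of a ?q= URI search."""
    parts = urlsplit(url)
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    body = {}
    if "q" in params:
        # q is parsed with query_string syntax, so text such as
        # _exists_:my.field or title:foo is interpreted, not matched literally.
        qs = {"query": params["q"]}
        for uri_name, dsl_name in QUERY_STRING_PARAMS.items():
            if uri_name in params:
                qs[dsl_name] = _coerce(params[uri_name])
        body["query"] = {"query_string": qs}
    else:
        body["query"] = {"match_all": {}}
    for name in BODY_PARAMS:
        if name in params:
            body[name] = _coerce(params[name])
    return parts.path, body


if __name__ == "__main__":
    for url in ("http://localhost:9200/mydocs/_search?q=Awesome%20Search",
                "http://myserver/stuff/stuff/_search?q=TEST&df=title&size=5"):
        path, body = uri_search_to_body(url)
        print("POST", path)
        print(json.dumps(body, indent=2))
```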
