I am using a service which wraps requests to Elastic Search. This service only allows me to send the query property to Elastic Search. I want to tell Elastic Search to look only for matches in a certain field in a document.
For example, if this is my document:
{
name: 'foo',
value: 'true'
}
Then I want to tell Elastic Search to look only for documents where name equals foo.
The Elastic Search documentation says to do this by using the fields property like so:
{
"multi_match" : {
"query" : "this is a test",
"fields" : [ "subject^3", "message" ]
}
}
But I can ONLY access the query property, so I can't specify fields. Lower down on the page, under best fields it says that this is equivalent to doing something like +first_name:will +first_name:smith. But when I put this, it's looking for text that actually matches +first_name:will +first_name:smith in the value, rather than looking for a first_name field that has a value will.
Is it possible to specify what field to search in with Elastic Search using only the query property?
This sounds like a perfect match for query_string(https://www.elastic.co/guide/en/elasticsearch/reference/1.x/query-dsl-query-string-query.html). You can do something like this with it:
"query_string" : {
"query" : "subject:whatever OR message:whatever"
}
So, if you can change multi_match to query_string this would be what you are looking for.
Lucene supports fielded data. When performing a search you can either specify a field, or use the default field. The field names and default field is implementation specific.
You can search any field by typing the field name followed by a colon ":" and then the term you are looking for.
{
"query": {
"query_string": {
"query": "Name:\"foo bar cook\"",
"default_operator" : "or"
}
}
}
use default_operator and to perform AND operation, or to perform OR kind of operation among the values
Related
I'm looking for data in two fields with one filed must be the same, one using query
i have data
{
"NUMBER" : "5587120",
"SID" : "121213-13131-_X",
"ADDRESS" : "purwakarta"
}
i have tried use query string like this
GET test/_doc/_search
{
"query" : {
"bool" : {
"must" : [
{"match" : {"NUMBER" : "5587120"}}
],
"filter" : {
"query_string" : {
"default_field" : "SID.keyword",
"query" : "*X*"
}
}
}
}
when I enter the same text as the one recorded, the data I want appears, but when I write the text with lowercase, the data doesn't appear
As it's not clear from your question, that on which field you want the case insensitive search, based on the context I am assuming its the SID.keyword field.
Why your solution not working: Please note that keyword fields are not analyzed and indexed in elasticsearch as it is, so in case of your field SID.keyword you are providing its value 121213-13131-_X so it will be stored as it is, it will not create just one token which is exactly same as the provided value.
Now you are using the query_string on-field SID.keyword, hence your query string will use the same analyzer configured for the field which is the keyword analyzer which is again no-op analyzer, hence doesn't lowercase the *X* provided in the query.
Solution : If you want the insensitive search than instead of using the SID.keyword field, simply creates a custom analyzer which uses the keyword analyzer and then passes it to lowercase token filter, so your 121213-13131-_X will be converted to 121213-13131-_x(Note small case x). And then your query string will also use the same analyzer and will match the document as ultimately elasticsearch works on tokens match.
What is the difference between match query and query string query? Say, I have the following queries, do they have the same functionality?
GET /_search
{
"query": {
"match" : {
"_all" : "this is a test"
}
}
}
and:
GET /_search
{
"query": {
"query_string" : {
"query" : "this is a test",
}
}
}
Considering the fact that using query_string and not indicating any specific field, automatically _all field will be used
From elasticsearch documentation
Comparison match query to query_string / field
The match family of queries does
not go through a "query parsing" process. It does not support field
name prefixes, wildcard characters, or other "advanced" features. For
this reason, chances of it failing are very small / non existent, and
it provides an excellent behavior when it comes to just analyze and
run that text as a query behavior (which is usually what a text search
box does). Also, the phrase_prefix type can provide a great "as you
type" behavior to automatically load search results.
I have a match query searching for a type of doc:
{
"query": {
"bool": {
"should": {
"match": {
"ph1_enc": "EAAQnb1kMr/e2/ADqo"
}
}
}
}
}
"EAAQnb1kMr/e2/ADqo" is the string i'm trying to match, however in the search results I can see multiple records with substring "/e2/" are also returned.
Looks like "/e2/" is indexed separately, so that this could happen.I thought the match query is to do full-text match... Is it because I missed something when creating the template? Any idea?
Add-on instead of reindex, how to modify the query to match the exact value in the query?
Which analyzer do you set in the mapping to index your data?
If you are using the default one (standard analyzer), then according to the documentation, this uses the default tokenizer that seems to split also the text by slash ('/'). The documentation redirects here for more information about the tokenizer.
So, that will index the following words 'EAAQnb1kMr', 'e2', and 'ADqo'. Accordingly, your query value will also been analyzed the same way the field was indexed. That is why documents with 'e2' are also being returned.
If you don't need to tokenize the 'ph1_enc' field, you can just set its type in the mapping as 'keyword'.
"properties": {
"ph1_enc": {
"type": "keyword"
}
}
That will not analyze the field and it will match exactly while you query.
I hope that it helps.
Consider the following JSON file:
{
"titleSony": "Matrix",
"cast": [
{
"firstName": "Keanu",
"lastName": "Reeves"
}
]
}
Now, I know in ElasticSearch, you can apply a synonym token filter to field values as given in the following link: Elasticsearch Analysis: Synonym token filter.
Hence, I can create a "synonym.txt" file with Matrix => Matx, then if I search for titleSony:Matx, it will return the documents with Matrix as well.
Now, what I would like is to create a synonym for the field name titleSony. For example - titleSony => titleAll, such that when I search for titleAll, I should get all documents with titleSony as well.
Is there any way to accomplish this in ElasticSearch?
Now, what I would like is to create a synonym for the field name "titleSony". For example - titleSony => titleAll , hence when I search for "titleAll", I should get all documents with "titleSony" as well.
Yes, somewhat. Elasticsearch has some default behavior very similar to this, which I'll touch on in a bit.
The feature you're looking for is called "Copy to field." It allows you to specify that the terms in one field should be copied into another. This is useful for consolidating terms you expect to match into a single field, to help simplify your query when you would like to match against any one of a number of fields.
In this example, you would specify in your mapping that the terms in the titleSony field ought to be copied into the titleAll field. Presumably you'd have other fields (say, titleDisney) which also copy into that field as well. So a search against titleAll will effectively match the other fields whose terms are copied into it.
An excerpt of your mapping might look something like this:
{
"movies" : {
"properties" : {
"titleSony" : { "type" : "string", "copy_to" : "titleAll" },
"titleDisney" : { "type" : "string", "copy_to" : "titleAll" },
"titleAll" : { "type" : "string" },
"cast" : { ... },
...
}
}
I mentioned earlier that Elasticsearch does something like this. By default it creates a special field called _all into which all the document's terms are copied. This field lets you construct very simple queries to match against terms that occur in any field on the document. So as you see, this is a fairly common convention in Elasticsearch. (Elasticsearch mapping: _all field.)
I have been given a problem where I need to perform a search based on different fields.For example,On UI the user is giving several search option like company name,department,state/province,title country and region.
The user selects few of these options like company name,department,state.I need to perform the search on these fields and return the results.
Can I do this with the help of aggregation in elastic search?Can anyone give me detailed example on how this can be done.
I did a few example like performing aggregation on gender.the query is as follows:-
"aggs" :{"group_by_gender" :{"terms" :{"field" : "gender"}}
When I ran this type of query all the sources(from documents) were returned.So,I was kind of confused whether aggregation is actually performed.
Thanks in Advance
Aggregations are meant to make statistics over the values of fields. If you need to search documents depending on fields, you need to make (boolean) queries.
Example:
POST myIndex/_search
{
"bool" : {
"must" : [
{"term" : { "name" : "kimchy" }},
{"term" : { "state" : "unicorn planet" }}
]
}
}
Elastic search boolquery
boolean query has different parameters like must , should , match ,match all , filter.
hope this will help.