elasticsearch default_field vs fields different results - elasticsearch

Here are two queries.
First:
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "27444.2",
          "default_field": "text"
        }
      }
    }
  },
  "from": 0,
  "size": 50
}
Second:
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "27444.2"
        }
      }
    }
  },
  "fields": ["text"],
  "from": 0,
  "size": 50
}
The only difference between them is that in the first I use default_field to specify a field to search, and in the second I specify it through the fields param. The field name is the same.
I expect both variants to produce the same results, but that's not the case. The first variant doesn't return any results, and the second returns a result. So what am I doing wrong here? Where is the catch?
elasticsearch 1.4.2

The way you have given fields param is wrong.
In the second case you are referring to the field params in the query where you are restricting the results to show only certain fields and not the entire _source.
The following one is what you are looking for -
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "27444.2",
          "fields": ["text"]
        }
      }
    }
  },
  "from": 0,
  "size": 50
}

2 queries are not the same.
First searches the field 'text' and second searches all fields and in response, returns only 'field'.

Related

Elasticsearch query from multiple indexes with pagination per index

I have the following query running over multiple indexes. I want to have pagination per index.
I don't want to lose results just because one index has more results than the other.
GET /research-one,research-two/_search
{
  "query": {
    "bool": {
      "should": [
        {
          "match_phrase": {
            "urls.value": "https://www.stackoverflow.com"
          }
        },
        {
          "query_string": {
            "default_field": "urls.value",
            "query": "https://stackexchange.com/*"
          }
        }
      ]
    }
  },
  "size": 20,
  "from": 0
}
Let's say that in this case, research-one has 10000 results and research-two has 2 results.
I don't know ahead which one has more results.
Thanks

Elasticsearch search in documents with certain values for a field

I have an index with following document structure with 5 fields. I have written a search query as follows :
{
  "query": {
    "query_string": {
      "fields": [
        "field1.keyword",
        "field2.keyword",
        "field3.keyword"
      ],
      "query": "*abc*"
    }
  },
  "from": 0,
  "size": 1000
}
This works fine but as a new requirement I have to search only in documents where field4 has a given set of values suppose (1,2,3) and omit rest of the documents.
It is possible for me to obtain a list of field4 values which are to be omitted as they are present in the db with skip status.
Please suggest a solution for the same. Thanks in advance.

I suggest using a filter query inside a bool query to match the docs that meet the condition.
{
  "query": {
    "bool": {
      "must": {
        "query_string": {
          "fields": [
            "field1.keyword",
            "field2.keyword",
            "field3.keyword"
          ],
          "query": "*abc*"
        }
      },
      "filter": {
        "terms": {
          "field4.keyword": [1, 2, 3]
        }
      }
    }
  }
}

Elasticsearch filter with multi_match

I'm trying to write a query in ElasticSearch where I combine multi_match with filter for an id or a number of ids.
This is what I have so far:
{
  "query": {
    "bool": {
      "must": {
        "multi_match": {
          "query": "Kasper",
          "fields": ["name", "first_name", "last_name"]
        }
      },
      "filter": {
        "term": {
          "user_id": "ea7528f0-1b8a-11e8-a492-13e39bbd17cb"
        }
      }
    }
  }
}
The "must" part of the query works perfectly, and when I run it alone, I get two results.
When I pick out the "user_id" from one of the two results and add the "filter" part of the query with that id, I get nothing.
What I really want to do is have something like in SQL where user_id in ('id1', 'id2'), so the filtering would be something like:
...,
"filter": {
  "terms": {
    "user_id": ["ea7528f0-1b8a-11e8-a492-13e39bbd17cb"]
  }
}
Did I misunderstand something here?

I'm guessing that this is because the user_id field is treated as text and is analyzed. You should use the keyword type in this situation (you just need to change the mapping of the user_id field).
Another way (if you are on Elasticsearch 5+): you can search in the keyword subfield. Just try to use the query below:
{
  "query": {
    "bool": {
      "must": {
        "multi_match": {
          "query": "Kasper",
          "fields": ["name", "first_name", "last_name"]
        }
      },
      "filter": {
        "term": {
          "user_id.keyword": "ea7528f0-1b8a-11e8-a492-13e39bbd17cb"
        }
      }
    }
  }
}
I only changed "user_id" to "user_id.keyword" in your query.

Elastic search query according to MySQL Group by clause

I am using Elasticsearch. I want to write a query for getting unique records on the basis of query and group:
SELECT * FROM users WHERE name LIKE '%john%' AND age = '21' AND location = 'New York' GROUP BY name
Could you please let me know how to write the query in Elasticsearch with query.

It would go something like this. You need a filtered query with a query_string in the query part to match *john* and then two filters in the filter part to match the age and the location. Finally, the grouping is achieved using a terms aggregation.
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "*john*",
          "default_field": "name"
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "age": 21
              }
            },
            {
              "term": {
                "location": "New York"
              }
            }
          ]
        }
      }
    }
  },
  "aggs": {
    "group_by_name": {
      "terms": {
        "field": "name"
      }
    }
  }
}

Filter by terms in an array

I'm trying to filter by terms within an array on elasticsearch documents. This is what the documents look like:
{
  "name": "Foo",
  "id": 10,
  "industries": ["Tech", "Fashion"],
  ...
}
But for the various filter-based queries I try, I've gotten zero results. e.g.:
$ curl -XGET 'http://localhost:9200/_search?pretty=true' -d '
{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [{
            "terms": {
              "industries": ["Tech"],
              "execution": "or"
            }
          }]
        }
      },
      "query": {"match_all": {}}
    }
  },
  "from": 0,
  "size": 20
}
'
I've tried about a dozen different queries against various simplifications and filter clauses, e.g. here's a simplified one:
$ curl -XGET 'http://localhost:9200/_search?pretty=true' -d '
{
  "query": {
    "filtered": {
      "filter": {
        "terms": {
          "industries": ["Tech"],
          "execution": "or"
        }
      }
    }
  },
  "from": 0,
  "size": 20
}
'
What am I missing here?

What analyzer are you using for the industries field? If you are using the default, it will actually lower case and split your strings, which would explain why your filters aren't picking those documents up (e.g., it's looking for "Tech" when only "tech" exists). If you set the mapping to not_analyzed (or use the multi fields option), that might solve your problem.
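
Added example, not part of the original answers: a small Python model of why a term/terms filter returns nothing on an analyzed field, covering both the industries case above and the earlier user_id case. The `analyzed` function is a simplified stand-in for the default analyzer (split on non-alphanumerics, lowercase), and the documents and the second user_id are constructed sample data.

```python
import re

# Constructed sample documents modelled on the two questions above.
DOCS = {
    1: {"industries": ["Tech", "Fashion"],
        "user_id": "ea7528f0-1b8a-11e8-a492-13e39bbd17cb"},
    2: {"industries": ["Finance"],
        "user_id": "00000000-0000-0000-0000-000000000000"},
}

def analyzed(value):
    """Simplified stand-in for the default analyzer: tokenize and lowercase."""
    return [tok.lower() for tok in re.findall(r"[A-Za-z0-9]+", value)]

def not_analyzed(value):
    """keyword / not_analyzed mapping: the whole value is one exact token."""
    return [value]

def build_index(docs, field, analyzer):
    """Inverted index: token -> set of ids of the documents containing it."""
    index = {}
    for doc_id, doc in docs.items():
        values = doc[field] if isinstance(doc[field], list) else [doc[field]]
        for value in values:
            for token in analyzer(value):
                index.setdefault(token, set()).add(doc_id)
    return index

def terms_filter(index, wanted):
    """term/terms filters do not analyze their input: exact token lookup only."""
    hits = set()
    for value in wanted:
        hits |= index.get(value, set())
    return sorted(hits)

if __name__ == "__main__":
    uid = DOCS[1]["user_id"]
    for field, probe in (("industries", "Tech"), ("user_id", uid)):
        for name, analyzer in (("analyzed", analyzed), ("not_analyzed", not_analyzed)):
            idx = build_index(DOCS, field, analyzer)
            print(field, name, sorted(idx), "->", terms_filter(idx, [probe]))
```

The analyzed index holds "tech" and the hyphen-separated pieces of the UUID, so the exact values "Tech" and the full id find nothing until the field is indexed as a single unmodified token.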
