Is it possible to combine query_string and bool query in filter query?
For Example -
{
"filter": {
"query_string": {
"query": "field:text"
}
},
"bool": {
"should": {
"match": {
"field": "text"
}
}
}
}
bool is meant to be used to club various queries together into a single bool query.
You can use bool to combine multiple queries in this manner -
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}
The must clause will make sure all the conditions are matched.
You can also use should which will make sure either one of the query is matched in case of only should is used.
As bool is just another query type , you can also club bool queries inside bool queries as follows -
{
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "value"
}
}
]
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}
Related
The following documents should be found:
matches query 'my text' AND (has not field OR field with value)
I have tried the following:
GET /myIndex/_search
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "my text"
}
},
{
}
],
"filter": {
"bool": {
"must_not": {
"exists": {
"field": "myField"
}
},
"must": {
"terms": {
"myField": [
"myValue"
]
}
}
}
}
}
}
}
It should (but does not) work liek that:
bool combine via OR must and filter parts
first must select by query
filter uses bool which combines by OR must andmust_not`
But this behaves like must combined with must_not via AND clause. E.g. when I removed "must" or "must_not" query works.
How change query to combine "must" with "must_not" via OR clause?
Elasticsearch version is 5.3.2
You need an extra bool filter between the must and must_not terms.
You should also think about your myField field. If it is defined as text or as keyword.
Tested with elasticsearch 5.6.1 the following query works:
{
"query": {
"bool": {
"must": [{
"query_string": {
"query": "this is a text content"
}
}],
"filter": {
"bool": {
"should" : [{
"bool" : {
"must_not": {
"exists": {
"field": "myField"
}
}
}
},
{
"bool" : {
"must": {
"terms": {
"myField.keyword": ["my field exists and has a value"]
}
}
}
}]
}
}
}
}
}
On Elasticsearch 7.X, you can simply do:
{
"query": {
"bool": {
"must": [
{"match": {"field1": {"query": "Hero"}}}
],
"must_not": [
{"terms":{"field3":["Batman"]}},
]
}
}
}
I'm trying to have multiple wildcard query match in my elasticsearch query in Kibana. I can't quite figure it out.
Basically I want any document with an attribute type="erreur"
and I want to exclude all documents that match the strings "An established*" or "java.lang.*" on the field descr_courte
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"wildcard": {
"descr_courte": ["An established*", "java.lang.*"]
}
}
}
}
}
if I put a single wildcard query it works fine
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"wildcard": {
"descr_courte":
"An established*"
}
}
}
}
}
the error I get:
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Can't get text on a START_ARRAY at 1:454"}],"type":"search_phase_execution_exception","reason":"all shards
Any idea?
Try putting them is separate clauses.
{
"query": {
"bool": {
"must": {
"term": {
"type": "erreur"
},
"must_not": [
{
"wildcard": {
"descr_courte": "An established*"
}
},
{
"wildcard": {
"descr_courte": "java.lang.*"
}
}
]
}
}
}
}
My guess is that you can't make an array for wildcard query like ["An established*", "java.lang.*"], so you need to:
{
"query": {
"{
"must": {
"term": {
"type": "erreur"
}
},
"must_not": {
"regexp": {
"descr_courte": "(An established|java\.lang\.).*"
}
}
}
}
}
More info about regexp query in https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-regexp-query.html
Another option is to combine your query terms with the logical operators NOT, AND and OR in the query string
{
"query": {
"query_string" : {
"query" : "type:erreur AND NOT(descr_courte:An established* OR descr_courte:java.lang.*)"
}
}
}
See more info at https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_wildcards
I have a nested object named 'bundles', that usually contains more than one object. Using this query I can succesfully query on the id of an object in bundles, but I fail to write a query that can query on multiple id's. Suggestions?
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"must": [
{
"match": {
"bundles.id": 43273
}
}
]
}
},
"inner_hits": {}
}
}
}
Perhaps you want "should" instead of "must" in the boolean filter. For example:
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"should": [
{
"match": {
"bundles.id": 43273
},
{
"match": {
"bundles.id": 433373
}
}
]
}
}
}
}
}
You could also use terms query if the field can be matched exactly. For example:
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"must": [
{
"terms": {
"bundles.id": [1140000000, 114]
}
}
]
}
}
}
}
}'
I have a query with several "should" clauses:
{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "<condition1>"
}
},
{
"query_string": {
"query": "<condition1>"
}
}
]
}
},
}
},
"size": 1000,
"sort": [
{
"#timestamp": {
"order": "asc"
}
}
]
}
How can I find out which query results were produced by condition1, and which by condition2? Is it possible to inject a field with different values for different conditions, or distinguish hits in any other way?
You can use named queries to achieve this.
{
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "<condition1>",
"_name": "sub_query_1"
}
},
{
"query_string": {
"query": "<condition1>",
"_name": "sub_query_2"
}
}
]
}
}
}
You result will then contain a matched_filters array with either sub_query_1, sub_query_2, or both in it.
Update
Play link: https://www.found.no/play/gist/af1a1fa2b5cf3aa279b1
I am trying to implement NOT condition in elasticsearch query.
Can I Implement filter inside bool or I need to write separate
filter as below. Any optimum solution is there?
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "fashion"
}
},
{
"term": {
"post_status": "publish"
}
}
]
}
},
"filter": {
"not": {
"filter": {
"term": {
"post_type": "page"
}
}
}
}
}
You can use a must_not clause:
{
"query": {
"bool": {
"must": [
{
"match": {
"_all": "fashion"
}
},
{
"term": {
"post_status": "publish"
}
}
],
"must_not": {
"term": {
"post_type": "page"
}
}
}
}
}
Also, I'd recommend using a match filter instead of query_string, as query_string requires the much more strict Lucene syntax (and is therefor more error prone), whereas match works more like a search box: it will automatically transform a human readable query to a Lucene query.