I'm adding a field to a doc like this:
curl -XPOST 'http://localhost:9200/imap_email/imap_bruce/12/_update' -d '{
"script" : "ctx._source.simperium = \"12345\""
}'
Looking at that doc, I can verify that it has added the field "simperium". The following query (and the many variations of it I've tried) simply return everything in my index.
{
"constant_score" : {
"filter" : {
"exists" : { "field" : "simperium" }
}
}
}
What do I need to do to get a strict list of all docs that do or don't have a specific field?
The majority of Elasitcsearch examples exclude the outer "query" : {} object for brevity. It's very annoying when starting out, but eventually you learn to accept it.
You most likely wanted this:
{
"query" : {
"constant_score" : {
"filter" : {
"exists" : { "field" : "simperium" }
}
}
}
}
Related
I am getting the results based on various filters in the Elasticsearch which also includes pagination.
Now I need to navigate between previous and next record from that search results, when we open a record of the search results.
Is there a way to achieve this through Elasticsearch?
You could use the from and size parameters of the Search API.
GET /_search
{
"from" : 0, "size" : 10,
"query" : {
"term" : { "user" : "kimchy" }
}
}
or
GET /_search?from=0&size=10
{
"query" : {
"term" : { "user" : "kimchy" }
}
}
Note the default value for size is 10.
Say I have a filter in query like this:
{
"query" : {
"filtered" : {
"filter" : {
"term" : {
"price" : 20
}
}
}
}
}
According to the official doc, there will be a filter cache associated to the key "price".
One day, I change the query as follow:
{
"query" : {
"filtered" : {
"filter" : {
"term" : {
"price" : 20,
"_cache" : false
}
}
}
}
}
Will Elasticsearch automatically remove the exist cache?
Not really sure. It will probably be removed eventually but probably not immediately. It doesn't really matter however as setting _cache = false will tell elastic search to not use the cache even if it is technically still there. If you want to clear the cache manually there's an API for it.
Here is an example:curl -XPOST 'http://localhost:9200/twitter/_cache/clear
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-clearcache.html
Today I found weird behavior of elasticsearch 1.5.2
I'm indexing 2 documents:
POST http://localhost:9200/index/type {
"string":"a b"
}
POST http://localhost:9200/index/type {
"string" : "c d"
}
And following query returns no hits (why?):
POST http://localhost:9200/index/type/_search
{
"query" : {
"query_string" : {
"query_string" : {
"query" : "string:a AND string:b OR string:c AND string:d"
}
}
}
}
But the same query with brackets over ANDs returns 2 documents, as expected:
POST http://localhost:9200/index/type/_search
{
"query" : {
"query_string" : {
"query_string" : {
"query" : "(string:a AND string:b) OR (string:c AND string:d)"
}
}
}
}
According to specification
(https://www.elastic.co/guide/en/elasticsearch/reference/1.5/query-dsl-query-string-query.html)
NOT takes precedence over AND, which takes precedence over OR
so both queries must return same result.
Is it bug or I've missed something?
Thanks in advance!
The query mentioned by you
"query" : "string:a AND string:b OR string:c AND string:d"
works as all a,b and d should be present in string and if c is present then that document will be boosted up .
That's why it looks for a,b and d which it doesn't find in any document and displays no result.
As per the specification here:
AND and OR can affect the terms to the left and right.
You can also refer this
i have logs like:
{
"a":"XXX",
"b":"YYY",
"token":"acquired"
}
Also, i have logs that do not have this token key set. Kibana's terms panel tells that they are around by showing them as Missing fields(3047). How can i query all docs that do not have the token key set?
You can query in ES for missing fields:
From: http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/_dealing_with_null_values.html
GET /my_index/posts/_search
{
"query" : {
"filtered" : {
"filter": {
"missing" : { "field" : "token" }
}
}
}
}
Is it possible to use a manually created histogram facet (or the results of its curl request) like this one in a Kibana dashboard:
{
"query" : {
"match_all" : {}
},
"facets" : {
"histo1" : {
"histogram" : {
"key_script" : "doc['date'].date.minuteOfHour * factor1",
"value_script" : "doc['num1'].value + factor2",
"params" : {
"factor1" : 2,
"factor2" : 3
}
}
}
}
}
Thanks
It looks like it will be supported in Kibana4, but there doesn't seem to be much more info out there than that.
For reference: https://github.com/elasticsearch/kibana/issues/1249