Develop Reference

why minimum_should_match does not return multiple match?

i am refering to this question
How to use "OR" in Dev Tool Query
While trying to extend this to 3 Match with a minimum should match number to 2 it does not return any when i set it like this ""minimum_should_match":1" its works, but only gives 1 match, but when i do like this ""minimum_should_match":2" then it does not return anything, where as i know the query should found minimum 2 match which are in the log
so what i am doing wrong ?
GET _search
{
"query":{
"bool":{
"must":[
{
"match":{
"log.file.path":"mylog.log"
}
},
{
"term":{
"GPS-LOG.IMEI":{
"value":"1234567"
}
}
},
{
"bool":{
"should":[
{
"term":{
"GPS-LOG.COMMAND":{
"value":"HB"
}
}
},
term":{
"GPS-LOG.COMMAND":{
"value":"DB"
}
}
},
{
"term":{
"GPS-LOG.COMMAND":{
"value":"TR"
}
}
}
],
"minimum_should_match":1
}
}
],
"filter":{
"range":{
"#timestamp":{
"gte":"now-10m"
}
}
}
}
}
}

Filtering and matching with an elasticsearch query

I am having trouble applying a secondary filter to my elasticsearch query below. Only the first filter is matching. I want both filters to apply to the query.
"query": {
"bool": {
"must": [
{
"bool": {
"filter": {
"range": {
"#timestamp": {
"gte": "2019-03-12",
"lte": "2019-03-13"
}
}
}
}
},
{
"bool": {
"filter": {
"bool": {
"must": {
"match": {
"msg_text": "foo AND bar"
}
}
}
}
}
}
]
}
}

Well I've mentioned two solutions, first one makes use of Match Query while the second one makes use of Query String.
Also I'm assuming msg_text field is of type text.
Difference is that, query_string uses a parser, that would parse the text you mention based on the operators like AND, OR.
While match query would read the text, analyse the text and based on it constructs a bool query. In the sense you don't need to mention operators and it won't work
You can read more about them in the links I've mentioned.
1. Using Match Query
POST <your_index_name>/_search
{
"query":{
"bool":{
"filter":{
"bool":{
"must":[
{
"range":{
"#timestamp":{
"gte":"2019-03-12",
"lte":"2019-03-13"
}
}
},
{
"match":{
"msg_text":"foo bar"
}
}
]
}
}
}
}
}
2. Using Query String
POST <your_index_name>/_search
{
"query":{
"bool":{
"filter":{
"bool":{
"must":[
{
"range":{
"#timestamp":{
"gte":"2019-03-12",
"lte":"2019-03-13"
}
}
},
{
"query_string":{
"fields": ["msg_text"], <----- You can add more fields here using comma as delimiter
"query":"foo AND bar"
}
}
]
}
}
}
}
}
Technically nothing is wrong with your solution, in the sense, it would work, but I hope my answers clear, simplifies the query and helps you understand what you are trying to do.
Let me know if it helps!

Filtering ElasticSearch query where date value is lte a given value or missing

I need to filter an ES query where the value of a date field is LTE a given value or the field is missing altogether. Here's my query at this point:
{
"from":0,
"size":50,
"query":{
"bool":{
"filter":[
{
"term":{
"corpusid.string.as_is":"42:6:4"
}
},
{
"nested":{
"path":"category.object",
"query":{
"bool":{
"must":[
{
"bool":{
"should":[
{
"range":{
"category.object.startdate":{
"lte":"2021-03-09T19:32:11.316Z"
}
}
},
{
"must_not":[
{
"exists":{
"field":"category.object.startdate"
}
}
]
}
]
}
}
]
}
}
}
}
]
}
}
}
When I submit that query, I get the error "[must_not] query malformed, no start_object after query name". We're running ElasticSearch version 5.3.1 in case that matters.

I refactored the query a bit. Removed a must, added a bool for the must_not.
{
"from":0,
"size":50,
"query":{
"bool":{
"filter":[
{
"term":{
"corpusid.string.as_is":"42:6:4"
}
},
{
"nested":{
"path":"category.object",
"query":{
"bool":{
"should": [
{
"range":{
"category.object.startdate":{
"lte":"2021-03-09T19:32:11.316Z"
}
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "category.object.startdate"
}
}
}
}
]
}
}
}
}
]
}
}
}

How to filter a field using Elastic Search

I'm trying to create a query with elasticsearch to filter the records of the same city and price.
But the city filter is not working.
POST diadeturista/services/_search
{
"query":{
"bool":{
"must":[
],
"filter":{
"bool":{
"must":{
"terms":{
"city":[
"Contagem"
]
},
"range":{
"price_adult":{
"lte":"300",
"gte":"150"
}
}
}
}
}
}
}
}
SHow me this error:
[terms] malformed query, expected [END_OBJECT] but found [FIELD_NAME]

I think what you want todo is
{
"query":{
"bool":{
"must": [
{
"terms":{
"city":[
"Contagem"
]
}
},
{
"range":{
"price_adult":{
"lte":"300",
"gte":"150"
}
}
}
]
}
}
}

Which DSL is correct for performing a pre-filtered query?

I've looked back at some queries I have saved, and it appears I've managed to achieve essentially the same query in three different ways. They all return the same data, but which one is 'correct'? I.e., which one contains no superfluous code and is most performant?
Option 1
{
"query":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
Option 2
{
"query":{
"filtered":{
"filter":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
}
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
Option 3
{
"query":{
"filtered":{
"query":{
"bool":{
"must":[
{
"match":{
"event":"eventname"
}
},
{
"range":{
"#timestamp":{
"gt":"now-70s"
}
}
}
]
}
}
}
},
"aggs":{
"myterms":{
"terms":{
"field":"fieldname"
}
}
}
}
If I were to guess, I'd go for Option 2, as the others appear that they might be running match as query. But the documentation is pretty confusing regarding the correct form that DSL queries should take.

Based on your comment, I'd go for option 2 but with a simple term filter for starters instead of match which isn't allowed in filters.
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"event": "eventname"
}
},
{
"range": {
"#timestamp": {
"gt": "now-70s"
}
}
}
]
}
}
}
},
"aggs": {
"myterms": {
"terms": {
"field": "event"
}
}
}
}