I want to query data from elasticsearch similar to this:
Select * From tbl where field not in (...)
Is there a way to add not in type logic to the elasticsearch query below?
GET /index/type/_search
{
"query": {
"match": {
"FIELD": "TEXT"
}
}
}
Use boolQuery and within bool query use mustNot
{
"query": {
"bool": {
"must_not": [
{
"match": {
"FIELD": "TEXT"
}
}
]
}
}
}
Related
I have below elasticsearch query and I want to set the priority order in my query.
irrespetive of scoure.
eg:
like if I set priority of attack_id > name > description
in the match query, then the result should come in this sorted order
attack_id, name, description
and if I set name > attack_id > description
name, attack_id, description
boosting query
function query I have tried both of these but don't get success. so I will be very grateful if someone helps me with this.
GET tridant_testing/_search
{
"query": {
"bool": {
"should": [
{
"match": {
"attack_id": "T1592"
}
},
{
"match": {
"name": "T1592"
}
},
{
"match": {
"description": "T1592"
}
}
]
}
}
}
You can use boost param in match query to boost specific query clause like below:
{
"query": {
"bool": {
"should": [
{
"match": {
"attack_id": {
"query": "T1592",
"boost": 6
}
}
},
{
"match": {
"name": {
"query": "T1592",
"boost": 3
}
}
},
{
"match": {
"description": {
"query": "T1592"
}
}
}
]
}
}
}
Note: You may need to increase or decrease boost value as per your need.
I have data in the following format:
{ "_id":1,
"s_id":121211,
"data_detail":{
"name":"John",
"phone_number":08089320xxx,
"city":"ABC"
}
}
I need to search data through elastic search which will query where s_id=? and any text which is available in data_detail object. Example s_id=121211 AND ABC. I need wildcard on data_detail object.
Keys for the data_detail object is not fixed.
Thanks in advance.
I would consider using a bool query with multi_match and term query like this. I haven't tested this, but something on these lines should work I guess.
GET test_index/_search
{
"query": {
"nested": {
"path": "data_detail",
"query": {
"bool": {
"must": [
{
"multi_match": {
"query": "ABC",
"fields": [
"data_detail.*"
]
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}
}
}
Solved this by using the following query:
{
"query": {
"bool": {
"must": [
{
"query_string":{
"fields":["data_detail.*"],
"query": "*str*",
"analyze_wildcard":true
}
},
{
"term": {
"s_id": {
"value": "121211"
}
}
}
]
}
}
}
I have a query to search for a provider_id from the Elastic Search Cluster. I am using the below query to get results for a single provider_id but need help in figuring out how can I pass a list of providers.
{
"query": {
"bool": {
"must": [{
"match": {
"message.provider_id": {
"query": 943523,
"type": "phrase"
}
}
}]
}
}
}
Suppose I want to search for provider_ids = [913523, 923523, 923523, 933523, 953523] then how should I modify the query?
You could index the provider_id as not_analyzed and then use a terms query:
POST /test_index/_search
{
"query": {
"terms": {
"message.provider_id": [
"913523", "923523", "923523", "933523", "953523"
]
}
}
}
or as a bool query with a filter if you are not going to need the score:
POST /test_index/_search
{
"query": {
"bool": {
"filter": [
{
"terms": {
"message.provider_id": [
"913523", "923523", "923523", "933523", "953523"
]
}
}
]
}
}
}
I am using Elasticsearch I want to write a query for getting unique record on the basis of query and group:
SELECT * from users where name='%john%', age='21', location='New York' group by name
Could you please let me know how to write the query in elasticsearch with query.
It would go something like this. You need a filtered query with a query_string in the query part to match *john* and then two filters in the filter part to match the age and the location. Finally, the grouping is achieved using a terms aggregation.
{
"query": {
"query": {
"query_string": {
"query": "*john*",
"default_field": "name"
}
},
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"age": 21
}
},
{
"term": {
"location": "New York"
}
}
]
}
}
}
},
"aggs": {
"group_by_name": {
"terms": {
"field": "name"
}
}
}
}
Is it possible to combine query_string and bool query in filter query?
For Example -
{
"filter": {
"query_string": {
"query": "field:text"
}
},
"bool": {
"should": {
"match": {
"field": "text"
}
}
}
}
bool is meant to be used to club various queries together into a single bool query.
You can use bool to combine multiple queries in this manner -
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}
The must clause will make sure all the conditions are matched.
You can also use should which will make sure either one of the query is matched in case of only should is used.
As bool is just another query type , you can also club bool queries inside bool queries as follows -
{
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "value"
}
}
]
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}