I'm trying to query for an empty field. In SQL parlance, I would do the following:
select * from cars where cartype="Auto" and make="Ferrari" and color="" and model="" and seats in ["", "bench"]
I'm doing the following, but I'm getting an error
{
"query": {
"bool": {
"must": [
{
"match": {
"CarType": "Auto"
}
},
{
"match": {
"Make": "Ferrari"
}
}
],
"must_not": [
{
"existence": true,
"field": "Color",
"null_value": true
},
{
"existence": true,
"field": "Model",
"null_value": true
}
]
}
}
}
But I get the following: "Parse Failure [Failed to parse source .... nexted: query malformed"
I'm following the example here
try like this
{
"query": {
"bool": {
"must": [
{
"match": {
"CarType": "Auto"
}
}
,
{
"match": {
"Make": "Ferrari"
}
}
], "must_not": [
{
"missing":{
"field":"Model",
"existence":true,
"null_value":true
}
},
{
"missing":{
"field":"Color",
"existence":true,
"null_value":true
}
}
]
}
}
}
Related
I'm trying to get the result of all the records where the field iso3 contains some values and null, but I always get the following error:
{
"code": 400,
"error": "RequestError(400, 'parsing_exception', '[or] query malformed, no start_object after query name')"
}
this is the query:
{
"query": {
"bool": {
"should": [
{"term":{"iso3":"afg"}},
{"term":{"iso3":"idn"}},
{"term":{"iso3":"bgd"}},
{
"or": [
{"term": { "iso3": "" } },
{"term": { "iso3": null}}
]
}
]
}
},
"size": 20
}
so this part is wrong, but I cant understand why
{
"or": [
{"term": { "iso3": "" } },
{"term": { "iso3": null}}
]
}
There is no or query, but you can achieve what you need with the following query:
{
"query": {
"bool": {
"minimum_should_match": true,
"should": [
{
"term": {
"iso3": "afg"
}
},
{
"term": {
"iso3": "idn"
}
},
{
"term": {
"iso3": "bgd"
}
},
{
"term": {
"iso3": ""
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "iso3"
}
}
}
}
],
"filter": [
{
"exists": {
"field": "iso2"
}
}
]
}
},
"size": 20
}
Can somebody explain me please what is wrong with this query? I need to convert this generated query from Elasticsearch 2 to Elasticsearch 6. In ES2 this one works well, but in ES6 it throws me an error: [or] query malformed, no start_object after query name. I am lost in it. OR is necessary cause there could be more conditions than this one.
{
"query": {
"bool": {
"filter": {
"or": [
{
"nested": {
"path": "zalozcovia",
"query": {
"bool": {
"filter": [
{
"match": {
"zalozcovia.meno": "\u013dubo\u0161"
}
},
{
"match": {
"zalozcovia.priezvisko": "Majgot"
}
},
{
"match": {
"zalozcovia.mesto": "Trnava"
}
}
]
}
}
}
}
]
}
}
},
"size": 20,
"sort": [
{
"rok": "desc"
},
{
"cislo": "desc"
}
]
}
Thanks.
In ES6 there is afaik no "OR" Query (https://www.elastic.co/guide/en/elasticsearch/reference/6.4/query-dsl-or-query.html). You should use a bool query and use there the "should" Part (https://www.elastic.co/guide/en/elasticsearch/reference/6.4/query-dsl-bool-query.html).
{
"query": {
"bool": {
"filter": [{
"bool": {
"should": [{
"nested": {
"path": "zalozcovia",
"query": {
"bool": {
"filter": [{
"match": {
"zalozcovia.meno": "\u013dubo\u0161"
}
},
{
"match": {
"zalozcovia.priezvisko": "Majgot"
}
},
{
"match": {
"zalozcovia.mesto": "Trnava"
}
}
]
}
}
}
}]
}
}]
}
},
"size": 20,
"sort": [{
"rok": "desc"
},
{
"cislo": "desc"
}
]
}
Try changing "filter-or" with should
{
"query": {
"bool": {
"should" : [
{
"nested": {
"path": "zalozcovia",
"query": {
"bool": {
"filter": [
{
"match": {
"zalozcovia.meno": "\u013dubo\u0161"
}
},
{
"match": {
"zalozcovia.priezvisko": "Majgot"
}
},
{
"match": {
"zalozcovia.mesto": "Trnava"
}
}
]
}
}
}
}
]
}
},
"size": 20,
"sort": [
{
"rok": "desc"
},
{
"cislo": "desc"
}
]
}
I'm trying to accomplish what boils down to a boolean AND on nested documents in ElasticSearch. Let's say I have the following two documents.
{
"id": 1,
"secondLevels": [
{
"thirdLevels": [
{
"isActive": true,
"user": "anotheruser#domain.com"
}
]
},
{
"thirdLevels": [
{
"isActive": false,
"user": "user#domain.com"
}
]
}
]
}
{
"id": 2,
"secondLevels": [
{
"thirdLevels": [
{
"isActive": true,
"user": "user#domain.com"
}
]
}
]
}
In this case, I want to only match documents (in this case ID: 2) that have a nested document with both isActive: true AND user: user#domain.com.
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "secondLevels.thirdLevels",
"query": {
"bool": {
"must": [
{
"term": {
"secondLevels.thirdLevels.isActive": true
}
},
{
"term": {
"secondLevels.thirdLevels.user": "user#domain.com"
}
}
]
}
}
}
}
]
}
}
}
However, what seems to be happening is that my query turns up both documents because the first document has one thirdLevel that has isActive: true and another thirdLevel that has the appropriate user.
Is there any way to enforce this strictly at query/filter time or do I have to do this in a script?
With nested-objects and nested-query, you have made most of the way.
All you have to do now is to add the inner hits flag and also use source filtering for move entire secondLevels documents out of the way:
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "secondLevels.thirdLevels",
"query": {
"bool": {
"must": [
{
"term": {
"secondLevels.thirdLevels.isActive": true
}
},
{
"term": {
"secondLevels.thirdLevels.user": "user#domain.com"
}
}
]
}
},
"inner_hits": {
"size": 100
}
}
}
]
}
}
}
I have two queries in ES. Both have different turnaround time on the same set of documents. Both are doing the same thing conceptually. I have few doubts
1- What is the difference between these two?
2- Which one is better to use?
3- If both are same why they are performing differently?
1. Filtered bool
{
"from": 0,
"size": 5,
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"called_party_address_number": "1987112602"
}
},
{
"term": {
"original_sender_address_number": "6870340319"
}
},
{
"range": {
"x_event_timestamp": {
"gte": "2016-07-01T00:00:00.000Z",
"lte": "2016-07-30T00:00:00.000Z"
}
}
}
]
}
}
}
},
"sort": [
{
"x_event_timestamp": {
"order": "desc",
"ignore_unmapped": true
}
}
]
}
2. Simple Bool
{
"query": {
"bool": {
"must": [
{
"term": {
"called_party_address_number": "1277478699"
}
},
{
"term": {
"original_sender_address_number": "8020564722"
}
},
{
"term": {
"cause_code": "573"
}
},
{
"range": {
"x_event_timestamp": {
"gt": "2016-07-13T13:51:03.749Z",
"lt": "2016-07-16T13:51:03.749Z"
}
}
}
]
}
},
"from": 0,
"size": 10,
"sort": [
{
"x_event_timestamp": {
"order": "desc",
"ignore_unmapped": true
}
}
]
}
Mapping:
{
"ccp": {
"mappings": {
"type1": {
"properties": {
"original_sender_address_number": {
"type": "string"
},
"called_party_address_number": {
"type": "string"
},
"cause_code": {
"type": "string"
},
"x_event_timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
.
.
.
}
}
}
}
}
Update 1:
I tried bool/must query and bool/filter query on same set of data,but I found the strange behaviour
1-
bool/must query is able to search the desired document
{
"query": {
"bool": {
"must": [
{
"term": {
"called_party_address_number": "8701662243"
}
},
{
"term": {
"cause_code": "401"
}
}
]
}
}
}
2-
While bool/filter is not able to search the document. If I remove the second field condition it searches the same record with field2's value as 401.
{
"query": {
"bool": {
"filter": [
{
"term": {
"called_party_address_number": "8701662243"
}
},
{
"term": {
"cause_code": "401"
}
}
]
}
}
}
Update2:
Found a solution of suppressing scoring phase with bool/must query by wrapping it within "constant_score".
{
"query": {
"constant_score": {
"filter": {
"bool": {
"must": [
{
"term": {
"called_party_address_number": "1235235757"
}
},
{
"term": {
"cause_code": "304"
}
}
]
}
}
}
}
}
Record we are trying to match have "called_party_address_number": "1235235757" and "cause_code": "304".
The first one uses the old 1.x query/filter syntax (i.e. filtered queries have been deprecated in favor of bool/filter).
The second one uses the new 2.x syntax but not in a filter context (i.e. you're using bool/must instead of bool/filter). The query with 2.x syntax which is equivalent to your first query (i.e. which runs in a filter context without score calculation = faster) would be this one:
{
"query": {
"bool": {
"filter": [
{
"term": {
"called_party_address_number": "1277478699"
}
},
{
"term": {
"original_sender_address_number": "8020564722"
}
},
{
"term": {
"cause_code": "573"
}
},
{
"range": {
"x_event_timestamp": {
"gt": "2016-07-13T13:51:03.749Z",
"lt": "2016-07-16T13:51:03.749Z"
}
}
}
]
}
},
"from": 0,
"size": 10,
"sort": [
{
"x_event_timestamp": {
"order": "desc",
"ignore_unmapped": true
}
}
]
}
ElasticSearch Version: 0.90.1, JVM: 1.6.0_51(20.51-b01-457)
I'm trying to do two things with my ElasticSearch query: 1) filter the results based on a boolean (searchable) and "open_date < tomorrow" and 2) two sort by the field "open_date" DESC
This produces the following query:
{
"query": {
"bool": {
"should": [
{
"prefix": {
"name": "foobar"
}
},
{
"query_string": {
"query": "foobar"
}
},
{
"match": {
"name": {
"query": "foobar"
}
}
}
],
"minimum_number_should_match": 1
},
"filtered": {
"filter": {
"and": [
{
"term": {
"searchable": true
}
},
{
"range": {
"open_date": {
"lt": "2013-07-16"
}
}
}
]
}
}
},
"sort": [
{
"open_date": "desc"
}
]
}
However, the results that come back are not being sorted by "open_date". If I remove the filter:
{
"query": {
"bool": {
"should": [
{
"prefix": {
"name": "foobar"
}
},
{
"query_string": {
"query": "foobar"
}
},
{
"match": {
"name": {
"query": "foobar"
}
}
}
],
"minimum_number_should_match": 1
}
},
"sort": [
{
"open_date": "desc"
}
]
}
... the results come back as expected.
Any ideas?
I'm not sure about the Tire code, but the JSON does not correctly construct a filtered query. My guess is that this overflows and causes the sort element to also not be correctly parsed.
A filtered query should be constructed like this (see http://www.elasticsearch.org/guide/reference/query-dsl/filtered-query/ ):
{
"query": {
"filtered": { // Note: this contains both query and filter
"query": {
"bool": {
"should": [
{
"prefix": {
"name": "foobar"
}
},
{
"query_string": {
"query": "foobar"
}
},
{
"match": {
"name": {
"query": "foobar"
}
}
}
],
"minimum_number_should_match": 1
}
},
"filter": {
"and": [
{
"term": {
"searchable": true
}
},
{
"range": {
"open_date": {
"lt": "2013-07-16"
}
}
}
]
}
}
},
"sort": [
{
"open_date": "desc"
}
]
}
Cheers,
Boaz