I am trying to add the partial_fields directive to an elasticsearch query (generated from kibana's table widget).
Where exactly would I have to place this statement in the below ES query?
Already tried to add it right after the first "query" node which produces valid json but still doesn't exclude xmz_Data
"partial_fields": {
"partial1": {
"exclude": "xmz_Data"
}
},
ES Query
{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "*"
}
}
]
}
},
"filter": {
"bool": {
"must": [
{
"match_all": {}
},
{
"bool": {
"must": [
{
"match_all": {}
}
]
}
}
]
}
}
}
},
"highlight": {
"fields": {},
"fragment_size": 2147483647,
"pre_tags": [
"#start-highlight#"
],
"post_tags": [
"#end-highlight#"
]
},
"size": 250,
"sort": [
{
"timestamp": {
"order": "desc"
}
}
]
}
You can place the partial_fields directive anywhere in your query, I tested successfully with it both before and after the query node. However, your formatting for the excluded fields value is incorrect. Your exclude fields value needs to be an array. Try this instead...
"partial_fields": {
"partial1": {
"exclude": ["xmz_Data"]
}
},
Related
I have been following the guidelines from this post. I can get the desired output but in the same DSL how can I limit the size of results for each index ?
Full text Search with Multiple index in Elastic Search using NEST C#
POST http://localhost:9200/componenttypeindex%2Cprojecttypeindex/Componenttype%2CProjecttype/_search?pretty=true&typed_keys=true
{
"query": {
"bool": {
"should": [
{
"bool": {
"filter": [
{
"term": {
"_index": {
"value": "componenttypeindex"
}
}
}
],
"must": [
{
"multi_match": {
"fields": [
"Componentname",
"Summary^1.1"
],
"operator": "or",
"query": "test"
}
}
]
}
},
{
"bool": {
"filter": [
{
"term": {
"_index": {
"value": "projecttypeindex"
}
}
}
],
"must": [
{
"multi_match": {
"fields": [
"Projectname",
"Summary^0.3"
],
"operator": "or",
"query": "test"
}
}
]
}
}
]
}
}
}
With your given query, you could use aggregations to group and limit number of hits per index (in this case, limiting to 5):
{
"size": 0,
"query": {
... Same query as above ...
},
"aggs": {
"index_agg": {
"terms": {
"field": "_index",
"size": 20
},
"aggs": {
"hits_per_index": {
"top_hits": {
"size": 5
}
}
}
}
}
}
Currently using bool query which searches for a combination of both input words or either one of input word on field "Name". How to search on multiple fields using wild cards?
POST inventory_dev/_search
{"from":0,"query":{"bool":{"must":[{"bool":{"should":[{"term":{"Name":{"value":"dove"}}},{"term":{"Name":{"value":"3.75oz"}}},{"bool":{"must":[{"wildcard":{"Name":{"value":"*dove*"}}},{"wildcard":{"Name":{"value":"*3.75oz*"}}}]}}]}}]}},"size":10,"sort":[{"_score":{"order":"desc"}}]}
You can use query_string in place of wildcard query, to search on multiple fields
{
"from": 0,
"query": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"term": {
"Name": {
"value": "dove"
}
}
},
{
"term": {
"Name": {
"value": "3.75oz"
}
}
},
{
"bool": {
"must": [
{
"query_string": {
"query": "*dove*",
"fields": [
"field1",
"Name"
]
}
},
{
"query_string": {
"query": "*3.75oz*",
"fields": [
"field1",
"Name"
]
}
}
]
}
}
]
}
}
]
}
},
"size": 10,
"sort": [
{
"_score": {
"order": "desc"
}
}
]
}
We're using Elasticsearch 2.4.5. Have an application that can generate fairly complicated queries. I'm trying to add a more_like_this field to the query like so:
{
"query": {
"more_like_this": {
"fields": [
"title"
],
"ids": [
1234
],
"min_term_freq": 1,
"max_query_terms": 25
},
"function_score": {
"query": {
"bool": {
"must": [
{
"query_string": {
"default_operator": "AND",
"fields": [
"title",
"author"
],
"query": "((title:(\"Tale of Two Cities\"^2)))",
"lenient": true
}
}
],
"filter": {
"bool": {
"must": [
{
"bool": {
"should": [
{
"geo_distance": {
"distance": "50mi",
"location": {
"lat": 49.32,
"lon": -45.67
},
"distance_type": "plane",
"_cache": true
}
}
]
}
},
{
"term": {
"merged": 0
}
},
{
"bool": {
"must_not": {
"exists": {
"field": "title_type"
}
}
}
}
]
}
}
}
},
"functions": [
{
"field_value_factor": {
"field": "quality_score",
"factor": 1,
"missing": 0
}
}
]
}
},
"filter": {
"bool": {
"must": []
}
},
"sort": "_score",
"size": 20,
"from": 0
}
I'm getting a failed to parse search source. expected field name but got [START_OBJECT] error when I try to run the above code. When I remove that piece of code the query executes correctly. I've looked at documentation and other examples of more_like_this usage and I can't determine what's wrong with my query. I'm assuming it has something to do with the way the rest of the query is formed.
I have a field picture and I implement a search of users.
The goal is to show first the people with picture, then the people without it.
I am maintaining an Elasticsearch 1.7 project and I can't upgrade the version.
The mapping:
"user": {
"_all": {
"auto_boost": true
},
"properties": {
"id": {
"type": "string",
"store": true
},
"picture": {
"type": "string",
"store": true
}
It seems that the query Exist / Missing Query does not exist in ElasticSearch 1.7 (doc)
When user doens not have picture, it is stored as null. When he has one, it is store with the filename: xxx.jpg or yyyy.PNG
I tried to do a query like that:
{
"track_scores": true,
"query": {
"bool": {
"must": [
{
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"user.enabled": true
}
}
]
}
}
}
}
],
"should": [
{
"match": {
"picture": {
"query": ".jpg .png .JPG .PNG",
"operator": "or"
}
}
}
]
}
}
}
I've tried also :
/* ... */
"should": [
{
"terms": {
"minimum_match": 1,
"teacher.picture": [
".jpg",
".png",
".JPG",
".PNG"
]
}
}
]
I still have results with picture mixed with the one with no pictures...
Do you know how i can achieve this?
you mentioned your goal is to just show first the people with the pic and then the people without the pic. So you can simply just use _missing in sort.
With your following changes you would not be able to get people who don't have a picture, so don't chase exists query.
/* ... */
"should": [
{
"terms": {
"minimum_match": 1,
"teacher.picture": [
".jpg",
".png",
".JPG",
".PNG"
]
}
}
]
Instead use _missing in score.
{
"track_scores": true,
"query": {
"bool": {
"must": [
{
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"user.enabled": true
}
}
]
}
}
}
}
],
"should": [
{
"match": {
"picture": {
"query": ".jpg .png .JPG .PNG",
"operator": "or"
}
}
}
]
}
},
"sort" : [
{ "picture" : {"missing" : "_last"} },
]
}
Hope this helps.
Thanks
I am trying to query elasticsearch for all logs that have a #timestamp within a certain range. This is being done by a $.get() request using jQuery. My attempts so far have resulted in queries not within the time range. I am listing the logs on my own HTML page and although I have tried different query messages I always get one of two responses, one with times starting at 4:25 and the other with times starting at 6:39. I don't know if this is useless information but I thought it could be useful in understanding the nature of the problem.
So this is the message I have written myself.
{
"query" : {
"filtered": {
"query" : { "match_all" : {}},
"filter": {
"range" : {
"#timestamp": {
"from" : 1393580102248,
"to" : 1393583702248
}
}
}
}
}
}
We are also using Kibana (working) and I have tried copying and pasting the same exact query Kibana uses, with the SAME results as my query above.
{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "*"
}
}
]
}
},
"filter": {
"bool": {
"must": [
{
"match_all": {}
},
{
"range": {
"#timestamp": {
"from": 1393580102248,
"to": 1393583702248
}
}
},
{
"bool": {
"must": [
{
"match_all": {}
}
]
}
}
]
}
}
}
},
"highlight": {
"fields": {},
"fragment_size": 2147483647,
"pre_tags": [
"#start-highlight#"
],
"post_tags": [
"#end-highlight#"
]
},
"size": 500,
"sort": [
{
"#timestamp": {
"order": "desc"
}
}
]
}
What am I doing wrong? I can change the time range as well and I still get the same results.