I have a query with several "should" clauses:
{
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "<condition1>"
}
},
{
"query_string": {
"query": "<condition1>"
}
}
]
}
},
}
},
"size": 1000,
"sort": [
{
"#timestamp": {
"order": "asc"
}
}
]
}
How can I find out which query results were produced by condition1, and which by condition2? Is it possible to inject a field with different values for different conditions, or distinguish hits in any other way?
You can use named queries to achieve this.
{
"query": {
"bool": {
"should": [
{
"query_string": {
"query": "<condition1>",
"_name": "sub_query_1"
}
},
{
"query_string": {
"query": "<condition1>",
"_name": "sub_query_2"
}
}
]
}
}
}
You result will then contain a matched_filters array with either sub_query_1, sub_query_2, or both in it.
Update
Play link: https://www.found.no/play/gist/af1a1fa2b5cf3aa279b1
Related
So I have this query and I am trying to aggregate a certain field but when I use the same query in aggregation I dont get expected results
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "TEST",
"fields": ["TESTFIELD1", "TESTFIELD2"],
"lenient": true,
"default_operator": "OR"
}
}
]
}
},
"aggs": {
"All": {
"global": {},
"aggs": {
"TESTAGG": {
"filter": {
"bool": {
"must": [
{
"query_string": {
"query": "TEST",
"fields": ["TESTFIELD1", "TESTFIELD2"],
"lenient": true,
"default_operator": "OR"
}
}
]
}
},
"aggs": {
"subs": {
"terms": {
"field": "TESTFIELD1",
"size": 100,
"order": { "_term": "asc" }
}
}
}
}
}
}
}
}
The issue is in the aggregation is that I get values for TESTFIELD1 that dont exist in the hits in the main query and I am not sure why. Any ideas?
i have elasticsearch 6.8.8, just for an example of my question. I want to create a query that gets me document with "Test" field with value "1", and i don't want to get "Test" field with value of "3", i know that i could write just the first expression without 3 and it will give me one document with value of "1". But i want to know, is there any way, that i can use must and must_not in the same time, on the same field and getting just the value of "1"?
I wrote this basic example to know what i mean:
{
"from": 0,
"query": {
"nested": {
"path": "attributes",
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"match": {
"attributes.key": {
"query": "Test"
}
}
},
{
"match": {
"attributes.value": {
"query": "1"
}
}
}
],
"must_not": [
{
"match": {
"attributes.key": {
"query": "Test"
}
}
},
{
"match": {
"attributes.value": {
"query": "3"
}
}
}
]
}
}
]
}
}
}
}
}
I use attributes as nested field with key-value field that use mapping as string type.
You'll need to leave out attributes.key:Test in the must_not because it filters out all Tests:
GET combine_flat/_search
{
"from": 0,
"query": {
"nested": {
"inner_hits": {},
"path": "attributes",
"query": {
"bool": {
"should": [
{
"bool": {
"must": [
{
"match": {
"attributes.key": {
"query": "Test"
}
}
},
{
"match": {
"attributes.value": {
"query": "1"
}
}
}
],
"must_not": [
{
"match": {
"attributes.value": {
"query": "3"
}
}
}
]
}
}
]
}
}
}
}
}
Tip: use inner_hits to just return the matched nested key-value pairs as opposed to the whole field.
I have a nested object named 'bundles', that usually contains more than one object. Using this query I can succesfully query on the id of an object in bundles, but I fail to write a query that can query on multiple id's. Suggestions?
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"must": [
{
"match": {
"bundles.id": 43273
}
}
]
}
},
"inner_hits": {}
}
}
}
Perhaps you want "should" instead of "must" in the boolean filter. For example:
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"should": [
{
"match": {
"bundles.id": 43273
},
{
"match": {
"bundles.id": 433373
}
}
]
}
}
}
}
}
You could also use terms query if the field can be matched exactly. For example:
{
"query": {
"nested": {
"path": "bundles",
"query": {
"bool": {
"must": [
{
"terms": {
"bundles.id": [1140000000, 114]
}
}
]
}
}
}
}
}'
I'm having trouble querying in elastic search. I'm searching over a specific set of data defined by the state_id, and then wanting to return all the states which do not have either one of the cities defined by the identifiers below.
The query below returns 18 results with just "city_id_1", and 0 results with "city_id_2". With both though, I return 0 results (since "city_id_2" is on every state record). What I want to do is still return the 18 results, but query over both cities.
I feel like my query should be working, and basically doing a NOT (A or B) style query, equivalent to NOT A and NOT B, but basically the 0 results seems to be overriding the 18.
Is there a way I can change my query to get the results I want, or is this something elasticsearch cannot do?
{
"query": {
"bool": {
"must": [
{ "terms": { "state_id": ["4ca16f80-da79-11e5-9874-64006a4f57cb"]}}
],
"must_not": [
{
"nested": {
"path": "cities",
"query": {
"bool": {
"should": [
{"term": { "cities.identifier": "city_id_1"}},
{"term": { "cities.identifier": "city_id_2"}}
]
}
}
}
}
]
}
},
"size": 10
}
Try this on for size. Elasticsearch is silly. The filter needs to be in each of the nested queries.
{
"query": {
"bool": {
"should": [
{
"query": {
"bool": {
"must_not": [
{
"nested": {
"path": "cities",
"query": {
"term": { "cities.identifier": "city_id_1"}
}
}
}
],
"filter":[
{
"term":{
"state_id":"4ca16f80-da79-11e5-9874-64006a4f57cb"
}
}
]
}
}
},
{
"query": {
"bool": {
"must_not": [
{
"nested": {
"path": "cities",
"query": {
"term": { "cities.identifier": "city_id_2"}
}
}
}
],
"filter":[
{
"term":{
"state_id":"4ca16f80-da79-11e5-9874-64006a4f57cb"
}
}
]
}
}
}
]
}
},
"size": 10
}
If you want NOT A AND NOT B behaviour you need to make a little change
{
"query": {
"bool": {
"must": [
{ "terms": { "state_id": ["4ca16f80-da79-11e5-9874-64006a4f57cb"]}}
],
"must_not": [
{
"nested": {
"path": "cities",
"query": {
"bool": {
"must": [ ====> Use must instead of should
{"term": { "cities.identifier": "city_id_1"}},
{"term": { "cities.identifier": "city_id_2"}}
]
}
}
}
}
]
}
},
"size": 10
}
This will exclude those record which will have both city_id_1 and city_id_2.
As per my understanding, you are looking our for NOT A or NOT B kind of a clause. Please check the query below and see if it fits your requirement
{
"query": {
"bool": {
"must": [
{ "terms": { "state_id": ["4ca16f80-da79-11e5-9874-64006a4f57cb"]}}
],
"should": [
{
"nested": {
"path": "cities",
"query": {
"bool": {
"must_not": [
{"term": { "cities.identifier": "city_id_1"}}
]
}
}
}
},
{
"nested": {
"path": "cities",
"query": {
"bool": {
"must_not": [
{"term": { "cities.identifier": "city_id_2"}}
]
}
}
}
}
],
"minimum_number_should_match": 1
}
},
"size": 10
}
Is it possible to combine query_string and bool query in filter query?
For Example -
{
"filter": {
"query_string": {
"query": "field:text"
}
},
"bool": {
"should": {
"match": {
"field": "text"
}
}
}
}
bool is meant to be used to club various queries together into a single bool query.
You can use bool to combine multiple queries in this manner -
{
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}
The must clause will make sure all the conditions are matched.
You can also use should which will make sure either one of the query is matched in case of only should is used.
As bool is just another query type , you can also club bool queries inside bool queries as follows -
{
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"query_string": {
"query": "field:text"
}
},
{
"match": {
"field": "value"
}
}
]
}
},
{
"match": {
"field": "text"
}
}
]
}
}
}