Is it possible to use facet script and facet filter in elasticsearch like this?
{
"facets": {
"judges": {
"terms": {
"field": "judges.untouched",
"size": 10,
"all_terms": false,
"script": { "script": "...", "params": { }}
},
"global_facets": false,
"facet_filter": {
"and": [
{
"query": {
"query_string": {
"query": "..... ",
"fields": [
"judges.analyzed"
],
"default_operator": "and",
"analyze_wildcard": true
}
}
}
]
}
}
}
}
Because when i run this query, elasticsearch raises error: Parse Failure [No facet type found for [and]]]; }.
Thanks
EDIT Incorrect answer. I'm leaving it because of context.
To clarify: and is an appropriate filter and should be accepted by facet_filter. Not sure what's up.
Untested, but from the docs: (http://www.elasticsearch.org/guide/reference/api/search/facets/)
All facets can be configured with an additional filter (explained in the Query DSL section)
So you need to put an appropriate query in facet_filter. And is NOT an appropriate filter (the error you receive could be clearer)
e.g:
"facet_filter" : {
"term" : { "user" : "kimchy"}
}
You'd probably want something like:
"facet_filter" : {
"query_string": {
"query": "..... ",
"fields": [
"judges.analyzed"
],
"default_operator": "and",
"analyze_wildcard": true
}
}
The syntax for an and filter is:
"facet_filter": {
"and": {
"filters": [
{
// filter definition
},
{
// another filter definition
}
]
}
}
But you're using only a single condition, so there's no need of an and filter.
You should just have:
"facet_filter": {
"query": {
"query_string": {
"query": "..."
}
}
}
Related
I'm trying to create a query to count instances where two conditions are met over the last day.
This query shows the count for the two conditions, but when I try to add a range in, it seems to match all documents:
GET logstash-*/_count
{
"query": {
"bool": {
"should": [
{
"match": {
"rawmsg": {
"query": "Could not send Message.",
"type": "phrase"
}
}
},
{
"match": {
"stack_trace": {
"query": "*WebServiceException*",
"type": "phrase"
}
}
}
]
}
}
}
Here's how I'm trying to add the date range:
GET logstash-*/_count
{
"query": {
"bool": {
"should": [
{
"match": {
"rawmsg": {
"query": "Could not send Message.",
"type": "phrase"
}
}
},
{
"match": {
"stack_trace": {
"query": "*WebServiceException*",
"type": "phrase"
}
}
},
{
"range" : {
"#timestamp" : {
"gte" : "now-1d/d",
"lt" : "now/d"
}
}
}
]
}
}
}
I ended up finding two ways of accomplishing what I needed:
GET logstash-*/tcp_input/_count?q=stack_trace: *WebServiceException* AND rawmsg: "Could not send Message" AND #timestamp: [ now-30d TO now ]
and
GET logstash-*/_count
{
"query": {
"query_string": {
"query": """stack_trace: *WebServiceException* AND rawmsg: "Could not send Message" AND #timestamp: [ now-3d TO now]""",
"analyze_wildcard": true
}
}
}
You are using a should clause instead of a must clause, which effectively combines your conditions with an OR instead of an AND.
Also the timestamp should be now/d-1d for the range query.
I'm trying to run an exact match query in ES
in MYSQL my query would be:
SELECT * WHERE `content_state`='active' AND `author`='bob' AND `title` != 'Beer';
I looked at the ES docs here:
https://www.elastic.co/guide/en/elasticsearch/guide/current/_finding_exact_values.html
and came up with this:
{
"from" : '.$offset.', "size" : '.$limit.',
"filter": {
"and": [
{
"and": [
{
"term": {
"content_state": "active"
}
},
{
"term": {
"author": "bob"
}
},
{
"not": {
"filter": {
"term": {
"title": "Beer"
}
}
}
}
]
}
]
}
}
but my results are still coming back with the title = Beer, it doesn't seem to be excluding the titles that = Beer.
did I do something wrong?
I'm pretty new to ES
I figured it out, I used this instead...
{
"from" : '.$offset.', "size" : '.$limit.',
"query": {
"bool": {
"must": [
{
"query_string": {
"default_field": "content_state",
"query": "active"
}
},
{
"query_string": {
"default_field": "author",
"query": "bob"
}
}
],
"must_not": [
{
"query_string": {
"default_field": "title",
"query": "Beer"
}
}
]
}
}
}
Query String Query is a pretty good concept to handle various relationship between search criteria. Have a quick look into Query string query syntax to understand in detail about this concept
{
"query": {
"query_string": {
"query": "(content_state:active AND author:bob) AND NOT (title:Beer)"
}
}
}
Filters are supposed to work on exact values, if you had defined your mapping in a manner where title was a non-analyzed field, your previous attempt ( with filters) would have worked as well.
{
"mappings": {
"test": {
"_all": {
"enabled": false
},
"properties": {
"content_state": {
"type": "string"
},
"author": {
"type": "string"
},
"title": {
"type": "string",
"index": "not_analyzed"
}
}
}
}
}
I'm quite new to Elasticsearch, so here's my question.
I wanna do a search query with elasticsearch and wanna filter with multiple terms.
If I want to search for a user 'tom', then I would like to have all the matches where the user 'isActive = 1', 'isPrivate = 0' and 'isOwner = 1'.
Here's my search query
"query":{
"filtered": {
"query": {
"query_string": {
"query":"*tom*",
"default_operator": "OR",
"fields": ["username"]
}
},
"filter": {
"term": {
"isActive": "1",
"isPrivate": "0",
"isOwner": "1"
}
}
}
}
When I use 2 terms, it works like a charm, but when i use 3 terms it doesn't.
Thanks for the help!!
You should use bool filter to AND all your terms:
"query":{
"filtered": {
"query": {
"query_string": {
"query":"*tom*",
"default_operator": "OR",
"fields": ["username"]
}
},
"filter": {
"bool" : {
"must" : [
{"term" : { "isActive" : "1" } },
{"term" : { "isPrivate" : "0" } },
{"term" : { "isOwner" : "1" } }
]
}
}
}
}
For version 2.x+ you can use bool query instead of filtered query with some simple replacement: https://www.elastic.co/guide/en/elasticsearch/reference/7.4/query-dsl-filtered-query.html
As one of the comments says, the syntax has changed in recent ES versions. If you are using Elasticsearch 6.+, and you want to use a wildcard and a sequence of terms in your query (such as in the question), you can use something like this:
GET your_index/_search
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"your_field_name_1": {
"value": "tom*"
}
}
},
{
"term": {
"your_field_name_2": {
"value": "US"
}
}
},
{
"term": {
"your_field_name_3": {
"value": "Michigan"
}
}
},
{
"term": {
"your_field_name_4": {
"value": "0"
}
}
}
]
}
}
}
Also, from the documentation about wildcard queries:
Note that this query can be slow, as it needs to iterate over many
terms. In order to prevent extremely slow wildcard queries, a wildcard
term should not start with one of the wildcards * or ?.
I hope this helps.
We search on the following fields in our index:
individual_name (string)
organisation_name (string)
profile (string)
locations (string)
nationwide (boolean)
If a user searches for "optometrist" in "Hamilton", and an optometrist in our index has listed themselves as "nationwide" (but not specifically in Hamilton), desired behaviour is that the optometrist would show up with the Hamilton results - effectively ignoring the location requirement.
We're currently running a multi_match query, an example of which is below.
{
"query": {
"filtered" : {
"query" : {
"multi_match": {
"query": "optometrist",
"zero_terms_query": "all",
"operator": "and",
"fields": [
"individual_name^1.2",
"organisation_name^1.5",
"profile",
"accreditations"
]
}
},
"filter": {
"and": [{
"term": {
"locations" : "hamilton"
}
}],
}
}
}
}
How can this be modified so documents with "nationwide": "yes" are returned for this query, regardless of location?
I've tried an or query under the and, but of course that ignored the multi_match.
I think this will give you the desired results:
{
"query": {
"filtered" : {
"query" : {
"multi_match": {
"query": "optometrist",
"zero_terms_query": "all",
"operator": "and",
"fields": [
"individual_name^1.2",
"organisation_name^1.5",
"profile",
"accreditations"
]
}
},
"filter": {
"or": [
{"term": {"locations" : "hamilton"}},
{'term' : {'nationwide' : 'yes'}}
],
}
}
}
}
How can i create Elasticsearch curl query to get the field value which are not null and not empty(""),
Here is the mysql query:
select field1 from mytable where field1!=null and field1!="";
A null value and an empty string both result in no value being indexed, in which case you can use the exists filter
curl -XGET 'http://127.0.0.1:9200/test/test/_search?pretty=1' -d '
{
"query" : {
"constant_score" : {
"filter" : {
"exists" : {
"field" : "myfield"
}
}
}
}
}
'
Or in combination with (eg) a full text search on the title field:
curl -XGET 'http://127.0.0.1:9200/test/test/_search?pretty=1' -d '
{
"query" : {
"filtered" : {
"filter" : {
"exists" : {
"field" : "myfield"
}
},
"query" : {
"match" : {
"title" : "search keywords"
}
}
}
}
}
'
As #luqmaan pointed out in the comments, the documentation says that the filter exists doesn't filter out empty strings as they are considered non-null values.
So adding to #DrTech's answer, to effectively filter null and empty string values out, you should use something like this:
{
"query" : {
"constant_score" : {
"filter" : {
"bool": {
"must": {"exists": {"field": "<your_field_name_here>"}},
"must_not": {"term": {"<your_field_name_here>": ""}}
}
}
}
}
}
On elasticsearch 5.6, I have to use command below to filter out empty string:
GET /_search
{
"query" : {
"regexp":{
"<your_field_name_here>": ".+"
}
}
}
Wrap a Missing Filter in the Must-Not section of a Bool Filter. It will only return documents where the field exists, and if you set the "null_value" property to true, values that are explicitly not null.
{
"query":{
"filtered":{
"query":{
"match_all":{}
},
"filter":{
"bool":{
"must":{},
"should":{},
"must_not":{
"missing":{
"field":"field1",
"existence":true,
"null_value":true
}
}
}
}
}
}
}
You can do that with bool query and combination of must and must_not like this:
GET index/_search
{
"query": {
"bool": {
"must": [
{"exists": {"field": "field1"}}
],
"must_not": [
{"term": {"field1": ""}}
]
}
}
}
I tested this with Elasticsearch 5.6.5 in Kibana.
The only solution here that worked for me in 5.6.5 was bigstone1998's regex answer. I'd prefer not to use a regex search though for performance reasons. I believe the reason the other solutions don't work is because a standard field will be analyzed and as a result have no empty string token to negate against. The exists query won't help on it's own either since an empty string is considered non-null.
If you can't change the index the regex approach may be your only option, but if you can change the index then adding a keyword subfield will solve the problem.
In the mappings for the index:
"myfield": {
"type": "text",
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
}
}
Then you can simply use the query:
{
"query": {
"bool": {
"must": {
"exists": {
"field": "myfield"
}
},
"must_not": {
"term": {
"myfield.keyword": ""
}
}
}
}
}
Note the .keyword in the must_not component.
You can use not filter on top of missing.
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"not": {
"filter": {
"missing": {
"field": "searchField"
}
}
}
}
}
}
Here's the query example to check the existence of multiple fields:
{
"query": {
"bool": {
"filter": [
{
"exists": {
"field": "field_1"
}
},
{
"exists": {
"field": "field_2"
}
},
{
"exists": {
"field": "field_n"
}
}
]
}
}
}
You can use a bool combination query with must/must_not which gives great performance and returns all records where the field is not null and not empty.
bool must_not is like "NOT AND" which means field!="", bool must exist means its !=null.
so effectively enabling: where field1!=null and field1!=""
GET IndexName/IndexType/_search
{
"query": {
"bool": {
"must": [{
"bool": {
"must_not": [{
"term": { "YourFieldName": ""}
}]
}
}, {
"bool": {
"must": [{
"exists" : { "field" : "YourFieldName" }
}]
}
}]
}
}
}
ElasticSearch Version:
"version": {
"number": "5.6.10",
"lucene_version": "6.6.1"
}
ES 7.x
{
"_source": "field",
"query": {
"bool": {
"must": [
{
"exists": {
"field":"field"
}
}
],
"must_not": [
{
"term": {
"field.keyword": {
"value": ""
}
}
}
]
}
}
}
We are using Elasticsearch version 1.6 and I used this query from a co-worker to cover not null and not empty for a field:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": [
{
"exists": {
"field": "myfieldName"
}
},
{
"not": {
"filter": {
"term": {
"myfieldName": ""
}
}
}
}
]
}
}
}
}
}
You need to use bool query with must/must_not and exists
To get where place is null
{
"query": {
"bool": {
"must_not": {
"exists": {
"field": "place"
}
}
}
}
}
To get where place is not null
{
"query": {
"bool": {
"must": {
"exists": {
"field": "place"
}
}
}
}
}
Elastic search Get all record where condition not empty.
const searchQuery = {
body: {
query: {
query_string: {
default_field: '*.*',
query: 'feildName: ?*',
},
},
},
index: 'IndexName'
};