I am searching elasticsearch index by using following query string:
curl -XGET 'http://localhost:9200/index/type/_search' -d '{
"query": {
"query_string" : {
"default_field" : "keyword",
"query" : "file*.tif"
}
}
}'
Schema for keyword field is as follows:
"keyword" : {"type" : "string", "store" : "yes", "index" : "analyzed" }
The problem with above query is it doesn't retrieve results for keyword like file001.tif while file001_copy.tif is retrieved. Match query is retrieving results correctly. Is this a limitation of Query_String or am I missing something?
You can see your problem by analyzing the string that you're indexing
curl "localhost:9200/_analyze" -d "file001.tif" | python -mjson.tool
{
"tokens": [
{
"end_offset": 7,
"position": 1,
"start_offset": 0,
"token": "file001",
"type": "<ALPHANUM>"
},
{
"end_offset": 11,
"position": 2,
"start_offset": 8,
"token": "tif",
"type": "<ALPHANUM>"
}
]
}
curl "localhost:9200/_analyze" -d "file001_copy.tif" | python -mjson.tool
{
"tokens": [
{
"end_offset": 16,
"position": 1,
"start_offset": 0,
"token": "file001_copy.tif",
"type": "<ALPHANUM>"
}
]
}
The standard analyzer file001.tif is splitting the tokens up to file001 and tif
but file001_copy.tif is not. so when you go search for file its only hitting file001_copy.tif because its the only thing that fits your criteria (has to have a token that has 'file' + 0 or more characters AND 'tif' in it)
You probably want to use a whitespace or keyword analyzer in tandem with a lowercase filter, to make it work the way you want to.
Related
I have a strange issue with my wildcard search. I've created an index with the following mapping:
I have the following document there:
When I'm performing the following query, I'm getting the document:
{
"query": {
"wildcard" : { "email" : "*asdasd*" }
},
"size": "10",
"from": 0
}
But when I'm doing the next request, I'm not getting anything:
{
"query": {
"wildcard" : { "email" : "*one-v*" }
},
"size": "10",
"from": 0
}
Can you please explain the reason for it?
Thank you
Elasticsearch uses a standard analyzer if no analyzer is specified. Assuming that the email field is of text type, so "asdasd#one-v.co.il" will get tokenized into
{
"tokens": [
{
"token": "asdasd",
"start_offset": 0,
"end_offset": 6,
"type": "<ALPHANUM>",
"position": 0
},
{
"token": "one",
"start_offset": 7,
"end_offset": 10,
"type": "<ALPHANUM>",
"position": 1
},
{
"token": "v.co.il",
"start_offset": 11,
"end_offset": 18,
"type": "<ALPHANUM>",
"position": 2
}
]
}
Now, when you are doing a wildcard query on the email field, then it will search for the tokens, created above. Since there is no token that matches one-v, you are getting empty results for the second query.
It is better to use a keyword field for wildcard queries. If you have not explicitly defined any index mapping then you need to add .keyword to the email field. This uses the keyword analyzer instead of the standard analyzer (notice the ".keyword" after the email field).
Modify your query as shown below
{
"query": {
"wildcard": {
"email.keyword": "*one-v*"
}
}
}
Search Result will be
"hits": [
{
"_index": "67688032",
"_type": "_doc",
"_id": "1",
"_score": 1.0,
"_source": {
"email": "asdasd#one-v.co.il"
}
}
]
Otherwise you need to change the data type of the email field from text to keyword type
This has to do with how text fields are saved. By default standard analyzer is used.
This is an example from the documentation which fits your case too :
The text "The 2 QUICK Brown-Foxes jumped over the lazy dog's bone." is broken into terms
[ the, 2, quick, brown, foxes, jumped, over, the, lazy, dog's, bone ].
As you can see Brown-foxes is not a single token. The same will go for one-v, it will break into one and v.
I have an index where some entries are like
{
"name" : " Stefan Drumm"
}
...
{
"name" : "Dr. med. Elisabeth Bauer"
}
The mapping of the name field is
{
"name": {
"type": "text",
"analyzer": "index_name_analyzer",
"search_analyzer": "search_cross_fields_analyzer"
}
}
When I use the below query
GET my_index/_search
{"size":10,"query":
{"bool":
{"must":
[{"match":{"name":{"query":"Stefan Drumm","operator":"AND"}}}]
,"boost":1.0}},
"min_score":0.0}
It returns the first document.
But when I try to get the second document using the query below
GET my_index/_search
{"size":10,"query":
{"bool":
{"must":
[{"match":{"name":{"query":"Dr. med. Elisabeth Bauer","operator":"AND"}}}]
,"boost":1.0}},
"min_score":0.0}
it is not returning anything.
Things I can't do
can't change the index
can't use the term query.
change the operator to 'OR', because in that case it will return multiple entries, which I don't want.
What I am doing wrong and how can I achieve this by modifying the query?
You have configured different analyzers for indexing and searching (index_name_analyzer and search_cross_fields_analyzer). If these analyzers process the input Dr. med. Elisabeth Bauer in an incompatible way, the search isn't going to match. This is described in more detail in Index and search analysis, as well as in Controlling Analysis.
You don't provide the definition of these two analyzers, so it's hard to guess from your question what they are doing. Depending on the analyzers, it may be possible to preprocess your query string (e.g. by removing .) before executing the search so that the search will match.
You can investigate how analysis affects your search by using the _analyze API, as described in Testing analyzers. For your example, the commands
GET my_index/_analyze
{
"analyzer": "index_name_analyzer",
"text": "Dr. med. Elisabeth Bauer"
}
and
GET my_index/_analyze
{
"analyzer": "search_cross_fields_analyzer",
"text": "Dr. med. Elisabeth Bauer"
}
should show you how the two analyzers configured for your index treats the target string, which might provide you with a clue about what's wrong. The response will be something like
{
"tokens": [
{
"token": "dr",
"start_offset": 0,
"end_offset": 2,
"type": "<ALPHANUM>",
"position": 0
},
{
"token": "med",
"start_offset": 4,
"end_offset": 7,
"type": "<ALPHANUM>",
"position": 1
},
{
"token": "elisabeth",
"start_offset": 9,
"end_offset": 18,
"type": "<ALPHANUM>",
"position": 2
},
{
"token": "bauer",
"start_offset": 19,
"end_offset": 24,
"type": "<ALPHANUM>",
"position": 3
}
]
}
For the example output above, the analyzer has split the input into one token per word, lowercased each word, and discarded all punctuation.
My guess would be that index_name_analyzer preserves punctuation, while search_cross_fields_analyzer discards it, so that the tokens won't match. If this is the case, and you can't change the index configuration (as you state in your question), one other option would be to specify a different analyzer when running the query:
GET my_index/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"name": {
"query": "Dr. med. Elisabeth Bauer",
"operator": "AND",
"analyzer": "index_name_analyzer"
}
}
}
],
"boost": 1
}
},
"min_score": 0
}
In the query above, the analyzer parameter has been set to override the search analysis to use the same analyzer (index_name_analyzer) as the one used when indexing. What analyzer might make sense to use depends on your setup. Ideally, you should configure the analyzers to align so that you don't have to override at search time, but it sounds like you are not living in an ideal world.
I am running a terms query in elastic search version 7.2, when I have 4 characters in my query, it works and if I add or remove any characters it's not working.
Working query:
{
"query": {
"bool": {
"must": [{
"terms": {
"GEP_PN": ["6207"]
}
},
{
"match": {
"GEP_MN.keyword": "SKF"
}
}
]
}
}
}
Result :
Query that is failing :
Its not failing, its not finding the result for your search-term, please note that terms query are not analyzed as mention in the docs.
Returns documents that contain one or more exact terms in a provided
field.
Please provide the mapping of your index and if its using the text field and you are not using custom-analyzer it will use standard analyzer which would split tokens on -, hence your terms query is not matching the tokens present in inverted index.
Please see the analyze API o/p for your search-term, which explains the probable root-cause.
{
"text" : "6207-R"
}
Tokens
{
"tokens": [
{
"token": "6207",
"start_offset": 0,
"end_offset": 4,
"type": "<NUM>",
"position": 0
},
{
"token": "r",
"start_offset": 5,
"end_offset": 6,
"type": "<ALPHANUM>",
"position": 1
}
]
}
I have been playing with ES for few days and have a strange behavior when i perform a search query, i am sure i am missing something and has nothing to do with ES issue. I have created a few email address in my database for testing purpose and one of them i need to find is "feaviera3a3e#veistzvmldsvjio.com", somehow when i type "veistzvmldsvjio.com" i get the results but when i type
"veistzvmldsvjio"(with out .com) no results found.
Here is my code:
query: {
"multi_match" : {
"query" : "veistzvmldsvjio",
"fields" : [ "email","name","phone","username" ]
}
}
I guess i am doing something wrong but can't figure out what. Do you have any clue or advise what i am missing here?
Thx
I found the answer and it works:
"query_string" : {
"query": "*whatever*",
"fields": [ "email","name","phone","email" ]
}
}
You can check es's analyze,eg:
curl --request GET --url 'http://localhost:9200/test/_analyze?text=feaviera3a3e%40veistzvmldsvjio.com' \
result:
{
"tokens": [{
"token": "feaviera3a3e",
"start_offset": 0,
"end_offset": 12,
"type": "<ALPHANUM>",
"position": 0
}, {
"token": "veistzvmldsvjio.com",
"start_offset": 13,
"end_offset": 32,
"type": "<ALPHANUM>",
"position": 1
}]
}
So,use match query "veistzvmldsvjio",it's no results.
Purpose
remove stopword from appearing in term facets
Environment & setup
Mac OSX,
ES 0.90.7 installed via homebrew
Steps
update config
# /usr/local/Cellar/elasticsearch/0.90.7/config/elasticsearch.yml
# add more Stopwords to default standard analyzer
index:
analysis:
analyzer:
standard:
type: standard
stopwords: [http, t.co]
restart ES
curl -XGET 'localhost:9200/_analyze?analyzer=standard&pretty' -d 'this is a test http'
result is
{
"tokens": [
{
"token": "test",
"start_offset": 10,
"end_offset": 14,
"type": "<ALPHANUM>",
"position": 4
},
{
"token": "http",
"start_offset": 15,
"end_offset": 19,
"type": "<ALPHANUM>",
"position": 5
}
]
}
Expectation
http shouldn't not be indexed nor appear in token
You don't need to mess with analyzer configuration to exclude words from a terms facet. You can give the exclude param a list of words to exclude when requesting a terms facet:
"facets" : {
"body" : {
"terms" : {
"field" : "body",
"exclude" : ["http". "t.co"]
}
}
}
See the terms facet documentation for more information.