this is my elastic search query,
I want to search in all languages under data.title and not particularly eng.
if i put data.title there are 0 results.
{
"bool": {
"must": [
{
"span_near": {
"clauses": {
"0": {
"span_multi": {
"match": {
"wildcard": {
"data.Title.eng": "method"
}
}
}
},
"1": {
"span_multi": {
"match": {
"wildcard": {
"data.Title.eng": "system"
}
}
}
}
},
"slop": 1,
"in_order": false
}
}
]
}
}
Instead of wildcard query , try to use query_string :-
Example :-
{
"query": {
"query_string": {
"default_field": "data.Title.*",
"query": "*zz* *ell*"
}
}
}
query_string is more effective than wildcard in search .
To get more difference between them , check this link
Related
The query below is what I would like to construct using elasticsearch-dsl-py, but I do not know how to do it.
GET /my_index/_search
{
"query": {
"filtered": {
"filter": {
"bool": {
"or": {
"filters": [
{
"term": {
"status": "a"
},
"term": {
"x_status": "a"
},
}
]
}
}
}
}
}
}
I just want to execute a query like below in SQL format
select * from my_index where status = "a" or x_status="a"
I'm not sure which version of ES you're running, but just know that filtered has been replaced by bool a long time ago in version 5. So your query can be rewritten like this:
GET /my_index/_search
{
"query": {
"bool": {
"should": [
{
"term": {
"status": "a"
}
},
{
"term": {
"x_status": "a"
}
}
]
}
}
}
Using elasticsearch-dsl-py, this translates to:
s = Search()
s = s.query('bool', should=[Q('term', status='a'), Q('term', x_status='a')])
I want to write a conditional query in elastic search. This is my complete query but its not working as expected.
like:
{"query":{"bool":{"must":[{"nested":{"path":"ticket_group","score_mode":"max","inner_hits":{"from":0,"size":10000},"query":{"bool":{"must":[{"range":{"ticket_group.available":{"gte":1}}},{"bool":{"minimum_should_match":1,"should":[{"bool":{"must":[{"match":{"ticket_group.customer_id":1}},{"match":{"ticket_group.ticket_type":1}},{"match":{"ticket_group.individual_purchase":1}}]}},{"bool":{"must_not":[{"match":{"ticket_group.ticket_type":1}}]}}]}},{"terms":{"ticket_group.ticket_type":[1,3,4]}}]}}}}]}},"size":10,"from":0}
I want to perform search individual_purchase=1 only if ticket_type=1.
How can i write this query?
Then you can do something like this:
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"must": [
{
"match": {
"ticket_group.ticket_type": 1
}
},
{
"match": {
"ticket_group.individual_purchase": 1
}
}
]
}
},
{
"bool": {
"must_not": [
{
"match": {
"ticket_group.ticket_type": 1
}
}
]
}
}
]
}
}
}
The above query translates to:
either ticket_type = 1 AND individual_purchase = 1
or ticket_type != 1
I want build query for search matching with nested and not equal.
This is my elasticSearch query:
{
"from":0,"size":1000,
"query":{
"nested" : {
"path" : "data",
"query" : {
"match" : {
"data.city" : "california"
}
}
},
"filter":{
"not":{
"filter":{
"term":{
"_id":"01921asda01201"
}
}
}
}
}
}
But I got error, am I write something wrong ? thanks
You can use bool Filter too with must and must_not clause.
{
"from": 0,
"size": 1000,
"filter": {
"bool": {
"must": [
{
"nested": {
"path": "data",
"query": {
"match": {
"data.city": "california"
}
}
}
}
],
"must_not": [
{
"term": {
"_id": "01921asda01201"
}
}
]
}
}
}
You need to use filtered query
GET _search
{
"query": {
"filtered": {
"query": {
"nested": {
"path" : "data",
"query" : {
"match" : {
"data.city" : "california"
}
}
}
},
"filter": {
"bool": {
"must_not": [
{
"term": {
"_id": "01921asda01201"
}
}
]
}
}
}
}
}
You should use a bool query for this, and put your two clauses in the must and must_not sections respectively.
If you don't care about scoring on the data.city field (from your example it's not clear), you might want to use the filter portion instead of the must portion.
{
"from": 0,
"size": 1000,
"query": {
"bool": {
"filter": [
{
"nested": {
"path": "data",
"query": {
"match": {
"data.city": "california"
}
}
}
}
],
"must_not": [
{
"term": {
"_id": "01921asda01201"
}
}
]
}
}
}
I have a certain use case that I'm researching involving creating a query that returns events whenever a failed login occurs from two separate accounts on one machine.
I've created the following query, but I'm receiving errors whenever I try to run it.
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter" : {
"term": {
"EventID": "4625"
}
},
"filter" : {
"range" : {
"_timestamp" : {
"gt": "now-15m"
}
}
}
}
},
aggs: {
group_by_host: {
terms: {
field: 'hostname'
},
aggs: {
group_by_user: {
terms: {
field: 'username'
}
}
}
}
}
Any
You need to wrap your filters inside bool. You can refer to docs for more info.
Try this
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
"must": [
{
"term": {
"EventID": "4625"
}
},
{
"range": {
"_timestamp": {
"gt": "now-15m"
}
}
}
]
}
}
}
},
"aggs": {
"group_by_host": {
"terms": {
"field": "hostname"
},
"aggs": {
"group_by_user": {
"terms": {
"field": "username"
}
}
}
}
}
}
I am using Elasticsearch to find my result. How I sum two fields inside my query?
{
"query": {
"bool": {
"must": [
{ "term": { "x.flag1": "false" } },
{ "term": { "x.flag2": "false" } }
]
}
}
}
Now I want to find sum of two fields x.a and x.b and compare it with an other field, say x.c
(x.a + x.b === x.c)
I have to include this inside the bool query. So that only those records that satisfy both these conditions will be in my result. Is this possible?
You can do it via a script query like this:
The query for ES 2.x onwards:
{
"query": {
"bool": {
"must": [
{
"term": {
"x.flag1": "false"
}
},
{
"term": {
"x.flag2": "false"
}
}
],
"filter": {
"script": {
"script": "doc['x.a'].value + doc['x.b'].value === doc['x.c'].value"
}
}
}
}
}
The same query for a pre-2.0 ES version:
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"x.flag1": "false"
}
},
{
"term": {
"x.flag2": "false"
}
},
{
"script": {
"script": "doc['x.a'].value + doc['x.b'].value === doc['x.c'].value"
}
}
]
}
}
}
}
}
Note that you need to enable dynamic scripting for this to work (i.e. script.inline: true).
However, if you have many documents, this can quickly slow down your ES cluster. If possible this should be done at indexing time, where you'd create another boolean field exactly for this purpose and then you can simply filter documents based on that boolean field which contains the true/false condition you need.