I need to search through a database with 3 keywords(3 queries), and I need to tell the user which of the keywords (query) that gave a result.
I've been looking into Named Queries as a possible solution.
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-named-queries-and-filters.html
I was wondering if it is possible to apply named queries to a nested query?
According to the documentation:
The search response will include for each hit the matched_queries it
matched on.
So I tried with just one easy query to see how it works, I got a result, but no "matched_queries". Did I do something wrong?
This is my query in Kibana: (Im not using actual name)
GET database/document/_search
{
"query": {
"nested": {
"path": "first_path",
"query": {
"nested" : {
"path" : "second_path",
"query" : {
"match": {
"match_field": {
"query": "First query",
"_name" : "query"
}
}
}
}
},
"inner_hits": {}
}
}
}
From what I can see in
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-named-queries-and-filters.html
The search response will include for each hit the matched_queries it
matched on. The tagging of queries and filters only make sense for the
bool query.
It looks like you should use "bool" query in your inner-most query:
.
.
.
"query" : {
"bool": {
"should" {
…
}
}
}
Related
I am new to Elasticsearch.
Does anybody have an idea on how to change this query from an
currently _msearch query to an _search query?
It would also be convenient if I didn't have to make a separate query for every "CAR" but instead solve it with only one query. I would like to use the bucket aggregation instead.
This is my the query where I search for every Car separately:
GET /index/_msearch
{}
{"query": {"match": {"name": "CAR_RED"}},"size": 1,"sort": {"time":{"order": "desc"}}}
{}
{"query": {"match": {"name": "CAR_BLACK"}},"size": 1,"sort": {"time":{"order": "desc"}}}
{}
{"query": {"match": {"name": "CAR_WHITE"}},"size": 1,"sort": {"time":{"order": "desc"}}}
At the moment I am trying to solve it with the bucket aggregation but I always get an error.
GET /index/_search
{
"size": 0,
"aggs" : {
"CARS":{
"terms":{"field":"name.keyword"}
},
"bucket_sort": {
"sort": [
{"time":{"order": "desc"}}
],
"size": 1
}
}
}
It would be awesome if anyone could help me with this query.
GET /index/_search
{
"size": 0,
"query" : {"terms" : {"name.keyword" : ["CAR_RED","CAR_BLACK","CAR_WHITE"] }},
"aggs" : {
"CARS":{
"terms":{"field":"name.keyword"},
"aggs" : {
"top_cars_by_time" : {
"top_hits" : {
"sort" : [
{
"time" : {order: "desc"}
}
]
}
}
}
}
}
}
What this query does:
Filters in the query itself, the RED,BLACK AND WHITE CARS
Aggregates the results by car color.
Then for each bucket in the aggregation, sorts the results by the descending order of the time field.
SO for every car color, you will get the hit with the greatest time first, and so on.
Read up on top_hits, its the aggregation you need.
Top Hits Aggregation
HTH.
I get log files from my firewall which i want to filter for several strings.
However the string contains always some other information. So i want to filter the whole string for some specific words which are always in the string: "User" "authentication" "failed.
I tried this but i do not get any data from it:
"query": {
"bool": {
"must": [
{
"range": {
"#timestamp": {
"gt": "now-15m"
}
}
},
{
"query_string": {
"query": "User AND authentication AND failed"
}
}
]
}
}
}
However i cannot find the syntax for specific filtering words in strings. Hopefully some of you can help me.
This is the message log ( i want to filter "event.original"): Screenshot
Currently developing a tag search application using elasticsearch, I have given each document within the index an array of tags, here's an example of how a document looks:
_source: {
title: "Keep in touch scheme",
intro: "<p>hello this is a test</p> ",
full: " <p>again this is a test mate</p>",
media: "",
link: "/training/keep-in-touch",
tags: [
"employee",
"training"
]
}
I would like to be able to make a search and only return documents with all of the specified tags.
Using the above example, if I searched for a document with tags ["employee", "training"] then the above result would be returned.
In contrast, if I searched with tags ["employee", "other"], then nothing would be returned; all tags within the search query must match.
Currently I am doing:
query: {
bool: {
must: [
{ match: { tags: ["employee","training"] }}
]
}
}
but I am just getting returned exceptions like
IllegalStateException[Can't get text on a START_ARRAY at 1:128];
I have also tried concatenating the arrays and using comma-delimited strings, however this seems to match anything given the first tag matches.
Any suggestions on how to approach this? Cheers
Option 1: Next example should work (v2.3.2):
curl -XPOST 'localhost:9200/yourIndex/yourType/_search?pretty' -d '{
"query": {
"bool": {
"must": [
{ "term": { "tags": "employee" } } ,
{ "term": { "tags": "training" } }
]
}
}
}'
Option 2: Also you can try:
curl -XPOST 'localhost:9200/yourIndex/yourType/_search?pretty' -d '{
"query": {
"filtered": {
"query": {"match_all": {}},
"filter": {
"terms": {
"tags": ["employee", "training"]
}
}
}
}
}'
But without "minimum_should_match": 1 it works little bin not accurate.
I also found "execution": "and" but it works not accurate too.
Option 3: Also you cat try query_string it works perfectly, but looks little bit complicated:
curl -XPOST 'localhost:9200/yourIndex/yourType/_search?pretty' -d '{
"query" : {
"query_string": {
"query": "(tags:employee AND tags:training)"
}
}
}'
Maybe it will be helpful for you...
To ensure that the set contains only the specified values, maintain a secondary field to keep track of the tags count. Then you can query like below to get the desired results
"query":{
"bool":{
"must":[
{"term": {"tags": "employee"}},
{"term": {"tags": "training"}},
{"term": {"tag_count": 2}}
]
}
}
I want to query elasticsearch for one or two key:value pair such as:
http://localhost:9200/indexname/_search?pretty=1&q=Date:%222000-12-30T10:11:25%22&q=id:%22unique_id%22
This query takes only the unique_id into consideration. If I change the Date to any invalid value, still it gives me all values based on the Unique_id.
Any idea how to make an AND condition with both the queries? It should consider both queries and provide result accordingly? Please advice. Thanks.
According to documentation, it should work
See http://www.elasticsearch.org/guide/reference/query-dsl/query-string-query.html
That said, you can create your query as below:
http://localhost:9200/indexname/_search?pretty=1&q=%2BDate%3A2000-12-30T10:11:25+%2Bid%3Aunique_id
Note : %2B is decoded as '+' whereas '+' is decoded as ' '
Try this.
GET /index/type/_search
{
"query": {
"match": {"Date":"2015-09-17 03:45:00-04"}
},
"filter" : {
"and" : [
{
"match": {"unique_id" : "6324"}
}
]
}
}
Reference link - https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-and-query.html
You can choose this query also ,(easy way)
GET myindex/mytype/_search
{
"query": {
"bool" : {
"must" :[
{
"term" : { "unique_id" : "6324"}
},
{
"term" : { "Date":"2015-09-17 03:45:00-04"}
}
],
}
}
}
I have the following code that queries across _all fields which include first, last, and date of birth:
POST /user/_search
{
"query": {
"match": {
"_all": {
"query": "John Doe 08/11/1992",
"operator": "and"
}
}
}
}
It works fine but I have a special case where if the date you query is not what is matched in the record but is 1/11/1111 then it should return the user as a match. For example:
POST /user/_search
{
"query": {
"match": {
"_all": {
"query": "John Doe 11/11/111",
"operator": "and"
}
}
}
}
Should find the document even though the correct birthday is 08/11/1992. How would one go about this exception?
Either use 'or' in the query. If this returns to many irrelevant results then try a Bool Query and split the name and the date. Then you can match on the exact name and only on parts of the date.