As a result of the following query to the type:
"query": {
"simple_query_string" : {
"query" : "RUDVRUMMXXX"
}
}
I get 5 hits. RUDVRUMMXXX is the entire text value of some field.
When I try to search with just a bit of its value (e.x. VRUMMXXX, or VRUMMX) elastic finds nothing.
I tried to add wildcard like that:
"query": {
"simple_query_string" : {
"query" : "*VRUMMXXX",
"analyze_wildcard" : true
}
}
but get zero result anyway.
also tried this:
"query": {
"wildcard" : {
"query" : "*VRUMMXXX"
}
}
...same success.
Any help is appreciated.
Try this:
{
"query":
{
"query_string" :
{
"query" : "*VRUMMXXX"
}
}
}
Related
I have the following SQL statement, I want to use ES7.13 implementation, please ask how I should write the code.
SELECT created_at from customer WHERE DATE_FORMAT(created_at,'%m') = '06'
Your question is about querying specific month in date. So the solution is to use script
POST /customer/_search
{
"query": {
"filter" : {
"script" : {
"script" : {
"source": "doc['created_at'].value.getMonthValue() == 6",
"lang": "painless"
}
}
}
}
}
Reference: https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-datetime.html
Es7.13 uses the following code
POST /customer/_search
{
"query": {
"bool": {
"filter" : {
"script" : {
"script" : {
"source": "doc['created_at'].value.getMonthValue() == 6",
"lang": "painless"
}
}
}
}
}
}
I have a json file with the following data:
{
"Index" : {
"example_user" : {
"important_key" : "leave_me_alone",
"blah" : {
"more_stuff" : {
"ignore_this" : "and_this_too"
}
}
},
"another_user" : {
"blah" : {
"more_stuff" : {
"ignore_this" : "and_this_too"
}
}
},
"extra_person" : {
"blah" : {
"more_stuff" : {
"ignore_this" : "and_this_too"
}
}
}
}
}
As you can see, important_key is missing from another_user and extra_person.
My goal is to conditionally add "imporant_key" : "" where it is missing but not replace any existing important_key values. The program i use is JQ (1.6) from https://stedolan.github.io/jq/.
After many failed attempts on jqplay.org and having intensively (re)searched the internet on how to get the job done , i've only managed to realize the following:
Filter:.Index[]+={"important_key":"data"}
Result
{
"Index": {
"example_user": {
"important_key": "data",
"blah": {
"more_stuff": {
"ignore_this": "and_this_too"
}
}
},
"another_user": {
"blah": {
"more_stuff": {
"ignore_this": "and_this_too"
}
},
"important_key": "data"
},
"extra_person": {
"blah": {
"more_stuff": {
"ignore_this": "and_this_too"
}
},
"important_key": "data"
}
}
}
I'm aware += (over)writes any existing key value (note example_user). I've been experimenting with multiple piped filters/operators, including |= and { }, but in the end, the above result was the closest i could get.
(unfortunately i can't seem to find the jqplay code snippet where i went "crazy" with everything)
The moment you have to conditionally do something, you have to do some sort of filtering, either using if or select or other means.
For every object you wish to inspect, check if the object has your important_key and add it when necessary. If it has the key, do nothing, otherwise set it.
.Index[] |= if has("important_key") then . else .important_key = $myImportantKey end
I'm trying to understand the syntax of Filters Aggregations in ElasticSearch, and I'm stumped. The example given in the documentation is this:
{
"aggs" : {
"messages" : {
"filters" : {
"filters" : {
"errors" : { "term" : { "body" : "error" }},
"warnings" : { "term" : { "body" : "warning" }}
}
},
"aggs" : {
"monthly" : {
"histogram" : {
"field" : "timestamp",
"interval" : "1M"
}
}
}
}
}
}
I understand the following:
"aggs" defines the aggregations blocks (it's a shortcut for "aggregations"). There's actually nested aggregations in the example, as can be seen.
"messages" is the user-defined name of the aggregation block.
"errors" and "warnings" are user-defined names of the filters used to create the "buckets" for the aggregation. They drop items with "body" equal to "error" and "warning" respectively ("term" matching).
What I don't understand is why "filters" appears twice, nested inside of itself. Per the general aggregations syntax:
"aggregations" : {
"<aggregation_name>" : {
"<aggregation_type>" : {
<aggregation_body>
}
[,"aggregations" : { [<sub_aggregation>]+ } ]?
}
[,"<aggregation_name_2>" : { ... } ]*
}
"aggs" is short for "aggregations"
"messages" is my "<aggregation name"
"filters" is the ""
What's the second "filters" element doing? And where is it documented that "filters" has to be self-nested; it doesn't seem to be the case for any of the other aggregations I'm learning.
I understand how you feel, been there, too :-)
In the filters aggregation, the first filters occurrence is the aggregation_type and the second is part of the aggregation_bodyof the filters aggregation and is the only valid key that this aggregation supports.
The second filters occurrence could have been called anything else (filter_list, list, etc) to denote that it contains the list of filters for that aggregation, but the ES folks picked filters which happen to also be the same name as the name of the aggregation itself.
So it goes like this:
{
"aggs" : { <--- key word to declare aggregations
"messages" : { <--- custom name for the aggregation that follows
"filters" : { <--- aggregation_type
"filters" : { <--- first (and only) key of the aggregation_body
"errors" : { "term" : { "body" : "error" }},
"warnings" : { "term" : { "body" : "warning" }}
}
},
"aggs" : {
"monthly" : {
"histogram" : {
"field" : "timestamp",
"interval" : "1M"
}
}
}
}
}
}
If I have a JSON like so:
{
"data": [
{
"service" : { "id" : 1 }
},
{
"service" : { "id" : 2 }
},
{
"service" : {}
}
]
}
This query works:
$..service[?(#.id==2)]
And gives expected result:
[
{
"id" : 2
}
]
However, if I had strings as id's:
{
"data": [
{
"service" : { "id" : "a" }
},
{
"service" : { "id" : "b" }
},
{
"service" : {}
}
]
}
Running similar query:
$..service[?(#.id == "a")]
Gives no results (empty array).
I am using this evaluator.
I was looking at docs here but could not find anything to point me in the right direction... Any help if someone knows how to write such query? Thanks :)
without " works
$..service[?(#.id == b)]
give this result
[
{
"id" : "b"
}
]
I have a document indexed in my elastic search like:
{
...
purchase:{
zones: ["FR", "GB"]
...
}
...
}
I use this kind of query to find for example document with puchase's zone to GB
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"term": {
"purchase.zones": "GB"
}
}
}
}
}
But with it i get no results...
I would like to perform a query like in php in_array("GB", purchase.zones).
Any help would be very helpful.
If your "purchase" field is nested type then you have to use nested query to access the "zones".
{
"nested" : {
"path" : "obj1",
"score_mode" : "avg",
"query" : {
"bool" : {
"must" : [
{
"match" : {"obj1.name" : "blue"}
},
{
"range" : {"obj1.count" : {"gt" : 5}}
}
]
}
}
}
}
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-nested-query.html