I need to search for a nested field like following:
"bool": {
"should": {
"nested": {
"path": "partnerData",
"query": {
"query_string": {
"query": "Dimmi",
"fields": ["partnerData.partnerName"]
}
}
}
}
}
What I need to do now is to make this filter optional from a query parameter.
If online-booking: true apply this filter, if online-booking: false do not apply the filter.
How can I achieve this?
Thanks,
Marco
You should use multiple bool queries.
First query make sure that online-booking is false, second make sure that its true and second condition is also true. At least one query must match to be returned
{
"bool": {
"should": [
{
"term": {
"online-booking": false
}
},
{
"bool": {
"must": [
{
"term": {
"online-booking": true
}
},
{
"nested": {
"path": "partnerData",
"query": {
"query_string": {
"query": "Dimmi",
"fields": [
"partnerData.partnerName"
]
}
}
}
}
]
}
}
]
}
}
"bool": {
"should": [{
"nested": {
"path": "partnerData",
"query": {
"query_string": {
"query": "Dimmi",
"fields": ["partnerData.partnerName"]
}
}
}
},{
"query_string": {
"query": "$negate-online-booking$",
"default_field": "name"
}
}]
}
If negate-online-booking is different from _exists_:name filter will be applied. If its value is equal to _exists_:name filter will not applied.
If there is a better way to achieve the same result please suggest it.
Related
I am trying to do a DSL Query filter in Kibana for a specific URI, while matching multiple IP subnets.
So far I have managed to make it work with only one IP subnet:
{
"query": {
"bool": {
"must": [
{
"match": {
"uripath": "/specific-uri-path"
}
},
{
"match": {
"clientip": "10.0.0.0/8"
}
}
]
}
}
}
But if I try to match for multiple subnets, it fails (probably because match can only contain different fields):
{
"query": {
"bool": {
"must": [
{
"match": {
"uripath": "/specific-uri-path"
}
},
{
"match": {
"clientip": "10.0.0.0/8",
"match": {
"clientip": "14.0.0.0/8"
}
}
]
}
}
}
I was able to make it work with the terms query. That means that I can also use an array of values for "clientip", so overall it's cleaner. I hope it will help someone else too.
{
"query": {
"bool": {
"must": [
{
"match": {
"uripath.keyword": "/specific-uri-path"
}
},
{
"terms": {
"clientip": [
"10.0.0.0/8",
"14.0.0.0/8",
"20.0.0.0/8"
]
}
}
]
}
}
}
Hi my data is structured in the following manner:
student{
subjects{
biology:{
0: "A2-Level"
1:"AS-Level"
2:"University"
}
}
}
My main index is at student, therefore my properties are as follows
"mappings":{"student":{"properties":{"subjects":{"type":"nested","properties":{"biology":{"type":"string"},"english":{"type":"string"}}}
Im currently doing this search :
var query = {
index: 'firebase',
type: 'student',
"body": {
"query": {
"bool": {
"must": [
{
"nested": {
"path": "subjects",
"query": {
"bool": {
"must": [
{ "exists": { "field": english } }
]
}
}
}
}
]
to return the students that are studying english. However nothing is being returned? Can anyone suggest where I am going wrong?
You should check for subjects.english field instead of english
So, your query should look something like this:
{
"query": {
"bool": {
"must": [
{
"nested": {
"path": "subjects",
"query": {
"bool": {
"must": [
{
"exists": {
"field": "subjects.english"
}
}
]
}
}
}
}
]
}
}
}
I am trying to use this query to get all documents with a closed or pending status or with no status at all.but this query always return nothing.
"query": {
"bool": {
"should": [
"terms": {
"status": ["closed","pending"]
},
"missing":{
"field":"status"
}
]
}
}
Individually the queries are working.If I use:
"query": {
"bool": {
"should": [
"terms": {
"status": ["closed","pending"]
}
]
}
}
then it returns 2 documents.
And if I use
"query": {
"bool": {
"should": [
"missing":{
"field":"status"
}
]
}
}
it returns 3.
These results are correct for each query.I just want to combine the 2 queries and get the result 5.What is wrong with the first query?
This ES 5.0 query and it should work on version 2.0
POST es1/example/_search
{
"query": {
"bool": {
"should": [
{
"terms": {
"status": [
"closed",
"pending"
]
}
},
{
"bool": {
"must_not": [
{
"exists": {
"field": "status"
}
}
]
}
}
]
}
}
}
I need to do as this sentence sql in elasticsearch but not run me
select * from user where (name like '%juan%') and position = 2 and catid in (4,3,76453,345,345,345345,345) and prof = 9
This is one of the examples I've used
{
"size": 25,
"query":
{
"filtered":
{
"filter":
{
"and":
[
{ "term": { "user":"juan" } },
{ "term": { "position":"2" } },
{
"or":
[
{ "term": { "catid":"4" } },
{ "term": { "catid":"3" } }
]
}
]
}
}
}
}
Other :
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"bool": {
"should": [{
"term": {
"name": "juan"
}
}]
}
},
{
"bool": {
"should": [{
"term": {
"position": "2"
}
}]
}
}
]
},
"or":
[
{ "term": { "catid":"4" } },
{ "term": { "catid":"3" } }
]
}
}
},
"size": 1000
}
I really need to search for word and with many variables , here I do not put all but given time are at least 10 more ..
The filters were removed in version 2.0 of Elasticsearch and you have to use the queries instead. If you want to filter, you have two options now:
Use bool query with filter clause (equivalent to a filtered query containing scoring)
Use constant_score query (equivalent to a filtered query without scoring)
Moreover, you should avoid and and or queries, as they are deprecated and will be removed soon.
Regarding your SQL query, I'd translate it like that:
"query": {
"bool": {
"filter": {
"bool": {
"must": [
{
"match": { "user": "juan" }
},
{
"term": { "position":"2" }
},
{
"terms": {
"catid": [4,3,76453,345]
}
}
]
}
}
}
}
Please note that term-query do exact matches on your fields! If e.g. your user field contains names containing of multiple words. The term-query won't return the expected result. In this case, you should use the match-query.
It seems to work
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"numeric_range": {"stocktotal": {"gte": 2,"lte": 99999999999}}
}
,
{
"term": { "cat_name":"limpiadoasabarra_derechabarra_derechaapulidoras__de__superficies" }
},
{"terms": {"supplier_id": [8634, 916]}}
]
}
}
},
"size" : 1000,
"aggs" : {
"etiquetas" : {"terms" : { "field" : "supplier_name" }, "size" : 20 },
"nombre_familia" : {"terms" : { "field" : "nombre_familia", "size" : 20 }},
"nombre_subfamilia" : {"terms" : { "field" : "nombre_subfamilia", "size" : 20 }},
"cat_name" : {"terms" : { "field" : "cat_name" }, "size" : 20}
}
}
I have a list of values and I want all documents that have any of these values in their product_code field.
I tried this, but even though it doesn't give an error, it only gives me one of the documents:
"query": {
"match": {
"product_code": {
"query": ["ABC 4", "ABC 5"]
}
}
}
So I'm basically looking for the functionality of the terms filter, but with analysis.
Of course I could do:
"bool": {
"should": [
{
"query": {
"match": {
"product_code": "ABC 4"
}
}
},
{
"query": {
"match": {
"product_code": "ABC 5"
}
}
}
]
}
but this gets rather verbose for long lists.
product_code is defined like this:
"product_code": {
"type": "string",
"analyzer": "product_code",
}
with the product_code analyzer:
"product_code": {
"type": "custom",
"filter": [
"lowercase",
"trim"
],
"tokenizer": "keyword"
}
There isn't an equivalent of the terms query for match AFAIK. Another option is the query_string which is less verbose:
{
"query": {
"query_string": {
"default_field": "product_code",
"query": "\"ABC 4\" OR \"ABC 5\""
}
}
}
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html
I might be missing something, but how about:
{
"constant_score" : {
"filter" : {
"terms" : { "product_code" : ["ABC 4", "ABC 5"]}
}
}
}
Could this be what you're looking for?