I want to filter a elastic search query to find salary of a employee greater than or less than a particular amount.What should be the filtered query??
{
"from": 0,
"size": 24,
"query": {
"bool": {
"must": {
"multi_match": {
"query": "claims",
"fields": ["Employee"],
"fuzziness": "AUTO"
}
}
}
},
"highlight": {
"type": "unified",
"fields": {
"*": {}
}
}
}
You can use something like that for range query,
"query": {
"range" : {
"salary" : {
"gte" : "1000",
"lt" : "3000"
}
}
}
Related
I am ne on elastichSearch. i am trying the exact match and and operation. I tried so many ways but all the time the response is mess for me. It is like fuzzy match. I need exact match as RDBMS
SELECT * FROM IP="1.1.1.1" AND NAME="ETH1/10"
Thanks in advance.
If You need the exact match than instead of match query use term query
Adding a working example
Index mapping
{
"mappings": {
"properties": {
"name": {
"type": "keyword"
},
"ip" :{
"type" : "ip"
}
}
}
}
Index sample doc
{
"name" : "ETH1/10",
"ip" : "1.1.1.1"
}
And search query
{
"query": {
"bool": {
"filter": [ --> use `filter` as pointed by #Val in the comment.
{
"term": {
"ip": "1.1.1.1"
}
},
{
"term": { --> `term` query for exact match.
"name": "ETH1/10"
}
}
]
}
}
}
And search result
"hits": [
{
"_index": "65167713",
"_type": "_doc",
"_id": "1",
"_score": 0.0,
"_source": {
"name": "ETH1/10",
"ip": "1.1.1.1"
}
}
]
How about this?
{
"query":{
"bool":{
"must":[
{
"match":{
"IP":"1.1.1.1"
}
},
{
"match":{
"NAME":"ETH1/10"
}
}
]
}
}
}
}
I do have the documents like below in my index
{
"bookName" : "coolbook",
"timeStamp" : "2018-11-19T12:52:17.000Z",
"referenceId" : "auth_test_01_01_000004",
"peoplestatus" : [
{
"personId" : "p1",
"status" : "like"
},
{
"personId" : "p2",
"status" : "dislike"
},{
"personId" : "p3",
"status" : "netrual"
}
]
}
Now I want to query the aggregations of book count for person p1,p2 like below
the counts of books
p1-liked but p2-disliked
p1,p2 both liked
p2-disliked but p1-liked
p1,b2 both disliked
Thanks for your help
Since you require buckets with different filter for each bucket, filters aggregation is best fit for this.
As per your comment there will be two person ids to be compared following is the query for your following two combinations:
P1 liked but P2 disliked
P1 and P2 both liked
{
"query": {
"match_all": {}
},
"aggs": {
"books": {
"filters": {
"filters": {
"P1L_P2DL": {
"bool": {
"must": [
{
"nested": {
"path": "peoplestatus",
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"term": {
"peoplestatus.personId": "p1"
}
},
{
"term": {
"peoplestatus.status": "like"
}
}
]
}
}
]
}
}
}
},
{
"nested": {
"path": "peoplestatus",
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"term": {
"peoplestatus.personId": "p2"
}
},
{
"term": {
"peoplestatus.status": "dislike"
}
}
]
}
}
]
}
}
}
}
]
}
},
"L1N3": {
"bool": {
"must": [
{
"nested": {
"path": "peoplestatus",
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"term": {
"peoplestatus.personId": "p1"
}
},
{
"term": {
"peoplestatus.status": "like"
}
}
]
}
}
]
}
}
}
},
{
"nested": {
"path": "peoplestatus",
"query": {
"bool": {
"must": [
{
"bool": {
"must": [
{
"term": {
"peoplestatus.personId": "p2"
}
},
{
"term": {
"peoplestatus.status": "like"
}
}
]
}
}
]
}
}
}
}
]
}
}
}
}
}
},
"size": 0
}
How to use Elasticsearch 1.6/1.7 version geo distance filter with bool term query like this. How and here two merge these two queries
Original query:
{
"query": {
"bool": {
"must": [
{
"term": {
"categories": "tv"
}
}
],
"should": [
{
"term": {
"subCategory": "led"
}
}
],
"minimum_should_match": 1,
"boost": 2
}
}
}
I want to search products with above bool query with distance of 10 miles
{
"filtered": {
"filter": {
"geo_distance": {
"distance": "10km",
"sellerInfoES.address.sellerLocation": "28.628978,77.21971479999999"
}
}
}
}
Thanks Val! Query is working, I am not getting any query parsing error. However this geo query is not returning and distance range result. I am using Elasticsearch 1.6 and stored sellerLocation as geo_point.Mapping:
{
"SellerInfoES": {
"type": "nested",
"properties": {
"sellerLocation": {
"type": "geo_point"
}
}
}
}
This geo_query is not working
{
"geo_distance": {
"distance": "100km",
"sellerLocation": {
"lat": 28.628978,
"lon": 77.21971479999999
}
}
}
You can combine both query/filters like this:
{
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"term": {
"categories": "tv"
}
},
{
"nested": {
"path": "sellerInfoES",
"filter": {
"geo_distance": {
"distance": "10km",
"sellerInfoES.sellerLocation": {
"lat": "28.628978",
"lon":"77.21971479999999"
}
}
}
}
}
],
"should": [
{
"term": {
"subCategory": "led"
}
}
],
"minimum_should_match": 1,
"boost": 2
}
}
}
}
}
I do a query on Elasticsearch from Kibana 4.4.1 which looks like this :
{
"size": 0,
"query": {
"filtered": {
"query": {
"query_string": {
"query": "FALK0911622560T",
"analyze_wildcard": true
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"#timestamp": {
"gte": 1438290000000,
"lte": 1440968400000,
"format": "epoch_millis"
}
}
}
],
"must_not": []
}
}
}
},
"aggs": {
"2": {
"date_histogram": {
"field": "#timestamp",
"interval": "1w",
"time_zone": "Europe/Helsinki",
"min_doc_count": 1,
"extended_bounds": {
"min": 1438290000000,
"max": 1440968400000
}
},
"aggs": {
"1": {
"percentiles": {
"field": "Quantity",
"percents": [
50
]
}
}
}
}
}
}
This piece of code will return all the docs with "ProductCode" = FALK0911622560T", between the given interval.
I tried the same thing with Elasticsearch Java API with the following code :
BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery().must(QueryBuilders.matchQuery(matchQueryKey,matchQueryValue));
SearchResponse response = client.prepareSearch(indexName)
.setTypes(indexTypeName)
.setQuery(boolQueryBuilder)
.setSize(100)
.addAggregation(AggregationBuilders
.dateHistogram("myHistogram")
.field("#timestamp")
.interval(DateHistogramInterval.WEEK)
.timeZone("Europe/Helsinki")
.minDocCount(1)
.extendedBounds(1438290000000L, 1440968400000L))
.addFields(fieldsOfInterest)
.execute()
.actionGet();
response.getAggregations();
But I get all the documents in the index with "ProductCode" = FALK0911622560T.
Between the given time, I should have only 5 documents on response.getAgregations() because I set the interval to be Week.
A doc in Elasticsearch looks like this :
{
"_index": "warehouse-550",
"_type": "core2",
"_id": "AVOKCqQ68h4KkDGZvk6b",
"_score": null,
"_source": {
"message": "5,550,67.01,FALK0911622560T,2015-07-31;08:00:00.000\r",
"#version": "1",
"#timestamp": "2015-07-31T06:00:00.000Z",
"path": "D:/Programs/Logstash/x_testingLocally/processed-stocklevels-550-25200931072015.csv",
"host": "EVO385",
"type": "core2",
"Quantity": 5,
"Warehouse": "550",
"Price": 67.01,
"ProductCode": "FALK0911622560T",
"Timestamp": "2015-07-31;08:00:00.000"
},
"fields": {
"#timestamp": [
1438322400000
]
},
"highlight": {
"ProductCode": [
"#kibana-highlighted-field#FALK0911622560T#/kibana-highlighted-field#"
],
"message": [
"5,550,67.01,#kibana-highlighted-field#FALK0911622560T#/kibana-highlighted-field#,2015-07-31;08:00:00.000\r"
]
},
"sort": [
1438322400000
]
}
Please help.
Thank you.
You did not add the rangeQuery. Change your boolQueryBuilder to following:
BoolQueryBuilder boolQueryBuilder = QueryBuilders.boolQuery().must(QueryBuilders.matchQuery(matchQueryKey,matchQueryValue)).must(QueryBuilders.rangeQuery("#timestamp").gte(fromValue).lte(toValue));
You can get buckets using:
InternalDateHistogram histogram = searchResponse.getAggregations().getAsMap().get(aggregation_name);
List bucketList = histogram?.getBuckets()
In the following query I want to filter the query results to size medium and color blue but I want aggregations to ignore that the color blue is applied.
{
"query":{
"bool" {
"must": {
"query_string": {
"query": "foo"
}
},
"should": {
// deferred
}
}
},
"filter": {
"term": {"size": "m"}
},
"aggregations": {
// deferred
},
"post_filter":{
"term":{"color":"blue"}
}
}
The problem is whenever the post_filter is present the size filter no longer has any effect on the query result. What am I missing?
EDIT: elasticsearch version 1.5.1
Your filter is acting as a post_filter, i.e. it gets overwritten by the subsequent post_filter.
You should either have a post_filter that covers both the size and color (if you want these excluded from the aggregation) or move the size filter into a filtered query:
"query": {
"filtered": {
"query":{
"bool" {
"must": {
"query_string": {
"query": "foo"
}
},
"should": {
// deferred
}
}
},
"filter" : {
"term": {"size": "m"}
}
}
}
Which version of elasticsearch you are using?
If you want certain filter to be considered in aggregation it should be inside a query scope (so use filtered query), any other filter is considered out of the query scope so won't be considered for aggregation count but will affect the final output.
Change the query as below:
{
"query": {
"filtered": {
"query": {
"bool": {
"must": {
"query_string": {
"query": "foo"
}
},
"should": {
//deferred
}
}
},
"filter": {
"term": {
"size": "m"
}
}
}
},
"aggregations": {
//deferred
},
"post_filter": {
"term": {
"color": "blue"
}
}
}
This will aggregate on result of size:m only but final result will be on color:blue and size:m