Coming from here i'm asking myselve for the elasticsearch syntax for such querys:
WHERE text LIKE "%quick%"
AND text LIKE "%brown%"
AND text LIKE "%fox%"
my try (unfortunately without success)
"query": {
"bool": {
"filter": [
{
"bool": {
"must": [
{
"terms": {
"text": [
"*quick*",
"*brown*",
"*fox*"
]
}
}
]
}
}
]
}
}
Try using bool and wildcard to do such a query.
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"text": "*quick*"
}
},
{
"wildcard": {
"text": "*brown*"
}
},
{
"wildcard": {
"text": "*fox*"
}
}
]
}
}
}
Wildcard Query Matches documents that have fields matching a wildcard expression (not analyzed). Supported wildcards are *, which matches any character sequence (including the empty one), and ?, which matches any single character.
That's what you're looking for. Just put desired amount of wildcard queries in your bool/must:
{
"query": {
"bool": {
"must": [
{
"wildcard": {
"text": {
"value": "*quick*"
}
}
},
{
"wildcard": {
"text": {
"value": "*brown*"
}
}
},
{
"wildcard": {
"text": {
"value": "*fox*"
}
}
}
]
}
}
}
Related
We recently migrated to Open Search, we are recreating our db logic inside OS, and in most scenarios we have been successful.
There is one use case that we are struggling heavily to achieve.
The original query has nested conditions like this :
WHERE
(
(
NOT D2.DOCTYPE IN ('Text','Log','Query')
AND D2.ATTRIBUTE1 LIKE #DocNumber
)
OR (
D2.DOCTYPE IN ('Novel','Comedy')
AND D2.ATTRIBUTE2 LIKE #DocNumber
)
OR (
D2.DOCTYPE = 'Science-text'
AND D2.ATTRIBUTE3 LIKE #DocNumber
)
OR (
D2.DOCTYPE IN ('Fiction', 'Romance')
AND D2.ATTRIBUTE4 LIKE #DocNumber
)
)
AND (
#Revision = ''
AND D2.RFLAG = 'C'
)
I have read the documentation of boolean queries (https://opensearch.org/docs/latest/opensearch/query-dsl/bool/) inside OP and I know its possible to achieve this query, but for the life of me I have not been able to achieve it.
The closest I have been to achieve the query is this :
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"should": [
{
"bool": {
"must_not": [
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Text"
}
}
},
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Log"
}
}
},
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Query"
}
}
}
]
}
},
{
"bool": {
"must": [
{
"wildcard": {
"DOCUMENTNUMBER": {
"value": "12%"
}
}
}
]
}
}
]
}
},
{
"bool": {
"should": [
{
"bool": {
"should": [
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Novel"
}
}
},
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Comedy"
}
}
}
]
}
},
{
"bool": {
"must": [
{
"wildcard": {
"DESCRIPTIOn": {
"value": "12%"
}
}
}
]
}
}
]
}
},
{
"bool": {
"should": [
{
"bool": {
"should": [
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Science-Text"
}
}
}
]
}
},
{
"bool": {
"must": [
{
"wildcard": {
"ATTRIBUTE3": {
"value": "12%"
}
}
}
]
}
}
]
}
},
{
"bool": {
"should": [
{
"bool": {
"should": [
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Fiction"
}
}
},
{
"wildcard": {
"DOCUMENTTYPE": {
"value": "Romance"
}
}
}
]
}
},
]
}
}
],
"must": [
{
"wildcard": {
"RFLAG": {
"value": "C"
}
}
}
]
}
}
}
But this query ALWAYS bring the total amount of data inside my index.
What am I doing wrong ?
I'm new to elastic search and I'm having a hard time figuring out how to transform the SQL query below into ES syntax :
WHERE (id IS NULL OR (id IS NOT NULL AND test = 0))
I guess I have to use the "should" keyword somewhere and maybe the filter, but I'm not quite sure how to make the query in ES.
Your query should be like:
{
"bool": {
"should": [
{
"bool": {
"must_not": [
{
"exists": {
"field": "id"
}
}
]
}
},
{
"bool": [
"must": [
{
"exists": {
"field": "id"
}
},
{
"term": {
"test": {
"value": 0
}
}
}
]
]
}
]
}
}
How can I get this simple SQL query running on Elasticsearch?
SELECT * FROM [mytype] where (id=123 and cid = classroomIdA) or
(id=234 and cid = classroomIdB) or (id=345 and cid = classroomIdC)
I'm really having troubles with its syntax, multi-match queries doesn't work in my case. What type of query should I use?
The right way to do it is to combine bool/should (for the outer OR conditions) and bool/filter (for the inner AND conditions) together.
POST mytype/_search
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"filter": [
{
"term": {
"id": 123
}
},
{
"term": {
"cid": "classroomIdA"
}
}
]
}
},
{
"bool": {
"filter": [
{
"term": {
"id": 234
}
},
{
"term": {
"cid": "classroomIdB"
}
}
]
}
},
{
"bool": {
"filter": [
{
"term": {
"id": 345
}
},
{
"term": {
"cid": "classroomIdC"
}
}
]
}
}
]
}
}
}
UPDATE
The equivalent ES 1.7 query would be (just replace bool/filter by bool/must):
POST mytype/_search
{
"query": {
"bool": {
"minimum_should_match": 1,
"should": [
{
"bool": {
"must": [
{
"term": {
"id": 123
}
},
{
"term": {
"cid": "classroomIdA"
}
}
]
}
},
{
"bool": {
"must": [
{
"term": {
"id": 234
}
},
{
"term": {
"cid": "classroomIdB"
}
}
]
}
},
{
"bool": {
"must": [
{
"term": {
"id": 345
}
},
{
"term": {
"cid": "classroomIdC"
}
}
]
}
}
]
}
}
}
I"m trying to get a function_score working, but it appears to be ignored. Here's my query:
{
"explain" : true,
"query": {
"function_score": {
"functions": [
{
"script_score": {
"script": "_score * 999 * doc['total_digital_items_sold'].value"
}
}
],
"query": {
"filtered": {
"query": {
"query_string": {
"query": "photo",
"fields": [ "title^3" ],
"use_dis_max": true,
"analyzer": "snowball"
}
},
"filter": { "and": [ { } ] }
}
}
}
}
}
}
It appears to not affect the results, nor show up in the explain. Any ideas on what I'm doing wrong?
I'm using ElasticSearch for logging within an application. I need to write a log viewer that filters on all the fields of my document.
My documents look like this:
"_source": {
"timestamp": 1373502012000,
"userId": 6,
"paId": 56331,
"lId": 6,
"prId": 2,
"vId": 6336,
"actionType": "LOAD_DATA"
}
actionType is an enum (Java).
I need to write a ElasticSearch equivalent to the following SQL query:
SELECT * FROM snapshot.action_log_item
WHERE timestamp BETWEEN 1372718783286 AND 1372718783286
AND userId=6
AND paId=56331
AND lId=6
AND prId=2
AND vId=6336
AND (
actionType='LOAD_DATA' OR
actionType='SAVE_DATA' OR
actionType='LOG_IN'
);
Please help me write a properly nested query and/or filter to get a result equivalent to my SQL statement.
EDIT Here's my current code (that works without the { "or"... portion).
{
"query" : {
"bool" : {
"must" : [ {
"term" : {
"userId" : 6
}
}, {
"term" : {
"lId" : 6
}
}, {
"term" : {
"vId" : 6336
}
} ]
}
},
"filter" : {
"and" : {
"filters" : [ {
"term" : {
"paId" : 56331
}
}, {
"range" : {
"timestamp" : {
"from" : 1372718783286,
"to" : 1377643583286,
"include_lower" : true,
"include_upper" : true
}
}
}, {
"or" : {
"filters" : [ {
"term" : {
"actionType" : "LOAD_DATA"
}
}, {
"term" : {
"actionType" : "SAVE_DATA"
}
}, {
"term" : {
"actionType" : "LOG_IN"
}
} ]
}
} ]
}
}
}
EDIT: The following query works. It's not the same query as above, but it returns the expected result. It seems that these filters/queries don't work on the actionType field.
{
"size": 30,
"query": {
"filtered": {
"query": {
"bool": {
"must": [
{
"term": {
"uId": 6
}
},
{
"term": {
"loId": 6
}
},
{
"term": {
"prId": 2
}
},
{
"terms": {
"paId": [
56331,
56298
],
"minimum_should_match": 1
}
}
]
}
},
"filter": {
"range": {
"timestamp": {
"from": 1372718783286,
"to": 1377643583286,
"include_lower": true,
"include_upper": true
}
}
}
}
}
}
The {or... portion should like this:
{
"or": [
{
"term": {
"actionType": "LOAD_DATA"
}
},
{
"term": {
"actionType": "SAVE_DATA"
}
},
{
"term": {
"actionType": "LOG_IN"
}
}
]
}
You can check the doc for that filter here
Edit
As I see you are having problems I rewrote your query. I hope it helps
{
"query": {
"filtered": {
"query": {
"bool": {
"must": [
{
"term": {
"userId": 6
}
},
{
"term": {
"paId": 56331
}
},
{
"term": {
"lId": 6
}
},
{
"term": {
"prId": 2
}
},
{
"term": {
"vId": 6336
}
},
{
"terms": {
"actionType": [
"LOAD_DATA",
"SAVE_DATA",
"LOG_IN"
],
"minimum_should_match": 1
}
}
]
}
},
"filter": {
"range": {
"timestamp": {
"from": 1372718783286,
"to": 1377643583286,
"include_lower": true,
"include_upper": true
}
}
}
}
}
}
Basically I put the date range as filter and the other conditions are term queries inside the must clause of the boolean query. You can see that the or part is now inside the must clause as a terms query that act as or between those 3 values.