38

I'm new to Elasticsearch and I'm wondering how I can make a search specifying one or more fields.

With SQL I would write this query:

"SELECT field1, field2, field3 FROM tablename WHERE field1 = 'X' AND field2 != 'Y' AND field3 = 'Z'"

In Elasticsearch I'm starting from this:

{
    "query": {
        "filtered": {
            "query": {
                "query_string": {
                    "query": "*"
                }
            },
            "filter": {
                "term" : {
                    "field1" : "286"
                }
            }
        }
    }
}
0

4 Answers

40

The SQL query is equivalent to:

{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "field1": "X"
          }
        },
        {
          "term": {
            "field3": "Z"
          }
        }
      ],
      "must_not": {
        "term": {
          "field2": "Y"
        }
      }
    }
  }
}

In any case, I recommend you read the docs a bit before starting with Elasticsearch if you are new.

There are lots of types of queries and some of them depend on how you index your data. For example, you can analyze strings (lowercase, stem words, remove stopwords, ...) at index time. The query I posted will never match a doc whose field1 is "X" if you analyze that field at index time and convert it to lower case.

Once you know Elasticsearch a little better, you can use filters to improve your queries.


3 Comments

What if I wanted to search field1 for "X" and "Q"? I tried something like: "field1": ["X","Q"] but it didn't work
@codeBarer use terms query instead of term query. Look at this => elasticsearch.org/guide/en/elasticsearch/reference/current/…
I believe instead of term, you can use match as well!
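
An added example, not part of the original answer or comments: a small Python helper that builds the bool query above from AND-ed conditions, using `terms` for the multi-value case raised in the comments and `_source` for the SELECT list. The function name, the operator strings and the `allowed_fields` allow-list are assumptions made for this illustration; the term clauses stay exact-match, so the answer's caveat about analyzed fields still applies.

```python
import json


def where_to_bool(conditions, select=None, allowed_fields=None):
    """Translate AND-ed SQL-style conditions into a bool query body.

    conditions: (field, op, value) tuples; op is "=", "!=", "in" or "not in".
    select: fields to return, the SELECT list (sent as "_source").
    allowed_fields: optional allow-list of field names the caller may query.
    """
    must, must_not = [], []
    for field, op, value in conditions:
        if allowed_fields is not None and field not in allowed_fields:
            raise ValueError(f"field not allowed: {field!r}")
        if op in ("in", "not in"):
            # A bare string would be split into characters, so insist on a list.
            if isinstance(value, (str, bytes)) or not value:
                raise ValueError(f"{op!r} needs a non-empty list for {field!r}")
            clause = {"terms": {field: list(value)}}
        elif op in ("=", "!="):
            clause = {"term": {field: value}}
        else:
            raise ValueError(f"unsupported operator: {op!r}")
        # Values travel as JSON data inside term/terms; nothing is parsed as query syntax.
        (must_not if op in ("!=", "not in") else must).append(clause)

    bool_query = {}
    if must:
        bool_query["must"] = must
    if must_not:
        bool_query["must_not"] = must_not
    body = {"query": {"bool": bool_query}}
    if select:
        body["_source"] = list(select)
    return body


if __name__ == "__main__":
    # The question's WHERE clause, plus the IN-style case from the comments.
    print(json.dumps(where_to_bool(
        [("field1", "in", ["X", "Q"]), ("field2", "!=", "Y"), ("field3", "=", "Z")],
        select=["field1", "field2", "field3"]), indent=2))
```
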
36

You need to pick the right query for the job, which can be hard in the beginning. You can definitely use a bool query to combine all sorts of different queries together, like already suggested. There are also queries that can be executed on multiple fields, and map to boolean queries internally. Also, term queries are not so common in a production system since they don't support any text analysis, while you usually want to analyze the query in a way that's similar to the way you indexed the field you are querying.

One of the most common queries in Elasticsearch is the match query, which works on a single field. And there's another query with the very same options that also works on multiple fields, called multi_match. These queries support text analysis and work really well. I would suggest using them over the query_string query, for instance, which is a lot more powerful but error-prone as well due to the needed parsing process. I would say use the query_string only if you specifically need one of its features (e.g. specifying the field names or boolean operators within the query itself), otherwise go for match queries.

It's also important to understand the difference between queries and filters, have a look here to know more.

And do have a look at all the queries available with the query DSL and play around with those, just to have a feeling of all the different things you can do.

3 Comments

Aside from being well written, this post was incredibly helpful. Thank you for your explanation and linking to sources.
How would you combine multi_match with match_phrase_prefix? I want to search for a substring in multiple fields. It doesn't have to match all fields, as long as it exists in one of them.
1

If you want to search for the same value on multiple fields, then you can try

{"query": {"multi_match": {"query": "querystring", "fields": ["name", "description"]}}}

Replace querystring with your search keyword.


0

I would suggest starting with Elastic's Simple query. It's more SQL-like and easier to understand. Link: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html

The query syntax will look like this, e.g. if you're trying to find a guest with name John AND lastname Doe:

GET /_search
{
  "query": {
    "simple_query_string" : {
        "query": "John + Doe",
        "fields": ["guest"],
        "default_operator": "and"
    }
  }
}

If any of these criteria does not match, the query will return no hits. Also, here you can search over multiple fields, but it will be slower than searching on one field. Also, per the docs, simple query supports special symbols as logical/search operators:

 '+' signifies AND operation
 '|' signifies OR operation
 '-' negates a single token
 '"' wraps a number of tokens to signify a phrase for searching
 '*' at the end of a term signifies a prefix query
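
An added example, not part of the original answer: because the symbols listed above are operators, text typed by a user should be backslash-escaped before it is placed in a `simple_query_string` query, so it is searched literally. The helper names are assumptions for this illustration; the reserved set also covers the `(`, `)` and `~` operators of the same syntax, and the backslash itself.

```python
import re

# Characters the simple_query_string syntax treats as operators: + | - " * ( ) ~
# A preceding backslash makes one literal; the backslash itself is escaped too.
_RESERVED = re.compile(r'([+|\-"*()~\\])')


def escape_term(text):
    """Return text with every simple_query_string operator character escaped."""
    return _RESERVED.sub(r"\\\1", text)


def build_query(terms, fields, operator="and"):
    """Build a simple_query_string body from user-supplied terms.

    Each term is escaped, so the only operators in the final query string are
    the ones this function inserts between terms.
    """
    if operator not in ("and", "or"):
        raise ValueError(f"unsupported operator: {operator!r}")
    cleaned = [escape_term(t.strip()) for t in terms if t.strip()]
    if not cleaned:
        raise ValueError("no search terms")
    joiner = " + " if operator == "and" else " | "
    return {
        "query": {
            "simple_query_string": {
                "query": joiner.join(cleaned),
                "fields": list(fields),
                "default_operator": operator,
            }
        }
    }


if __name__ == "__main__":
    # Constructed input: the second term contains operator characters.
    print(build_query(["John", "-Doe*"], ["guest"]))
```
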
