1

I am trying to combine a wildcard with a date range in an Elasticsearch query, but it is not giving a response based upon the wildcard search. It is returning a response with items which have an incorrect date range.

{
  "from": 0,
  "size": 10,
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "should": [
              {
                "wildcard": {
                  "hostName": "*abc*"
                }
              },
              {
                "range": {
                  "requestDate": {
                    "gte": "2019-10-01T08:00:00.000Z"
                  }
                }
              }
            ]
          }
        }
      ]
    }
  }
}

The index mapping looks as below:

{
  "index_history": {
    "mappings": {
      "applications_datalake": {
        "properties": {
          "query": {
            "properties": {
              "term": {
                "properties": {
                  "server": {
                    "type": "text",
                    "fields": {
                      "keyword": {
                        "type": "keyword",
                        "ignore_above": 256
                      }
                    }
                  }
                }
              }
            }
          }
        }
      },
      "index-data-type": {
        "properties": {
          "attributes": {
            "properties": {
              "wwnListForServer": {
                "type": "text",
                "fields": {
                  "keyword": {
                    "type": "keyword",
                    "ignore_above": 256
                  }
                }
              }
            }
          },
          "hostName": {
            "type": "keyword"
          },
          "requestDate": {
            "type": "date"
          },
          "requestedBy": {
            "properties": {
              "id": {
                "type": "keyword"
              },
              "name": {
                "type": "keyword"
              }
            }
          }
        }
      }
    }
  }
}

2 Answers 2

3

You missed the minimum_should_match parameter. Check this out: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html.
I think your query should look like this:

{
  "from": 0,
  "size": 10,
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "should": [
              {
                "wildcard": {
                  "hostName": "*abc*"
                }
              },
              {
                "range": {
                  "requestDate": {
                    "gte": "2019-10-01T08:00:00.000Z"
                  }
                }
              }
            ],
            "minimum_should_match" : 2
          }
        }
      ]
    }
  }
}

From the documentation:

You can use the minimum_should_match parameter to specify the number or percentage of should clauses returned documents must match.

If the bool query includes at least one should clause and no must or filter clauses, the default value is 1. Otherwise, the default value is 0.


1 Comment

{ "error": { "root_cause": [ { "type": "action_request_validation_exception", "reason": "Validation Failed: 1: mapping type is missing;" } ], "type": "action_request_validation_exception", "reason": "Validation Failed: 1: mapping type is missing;" }, "status": 400 }
0

According to your mappings, you have to call out the fully qualified property for the hostName and requestDate fields. Example:

"wildcard": {    
  "index-data-type.hostName": {
    "value": "..."
  }
}

Also, you could consider reducing your compound queries to just the main bool query, using the must clause, and apply a filter. Example:

{
  "from": 0, 
  "size": 20, 
  "query": {
    "bool": {
      "must": [
        {
          "wildcard": {
            "index-data-type.hostName": {
              "value": "*abc*"
            }
          }
        }
      ],
      "filter": {
        "range": {
          "index-data-type.requestDate": {
            "gte": "2019-10-01T08:00:00.000Z"
          }
        }
      }
    }
  }
}

The filter context doesn't contribute to the _score yet it reduces your number of hits.

Warning: Using the leading asterisk (*) on a wildcard query can have severe performance impacts on your queries.
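
The following is an added example, not code from the question or from either answer: a small offline model of the bool query rules quoted above, run against constructed documents, showing why the question's should-only query behaves as OR and how `minimum_should_match: 2` or a `must` plus `filter` layout narrows it to AND. Assumptions: the field names `hostName` and `requestDate` are taken from the question's mapping, `fnmatchcase` stands in for Elasticsearch wildcard matching, and only integer `minimum_should_match` values and `gte` bounds are handled.

```python
from datetime import datetime
from fnmatch import fnmatchcase

# Constructed sample documents (not from the original post).
DOCS = [
    {"hostName": "xabc01", "requestDate": "2019-11-05T10:00:00.000Z"},  # both match
    {"hostName": "xabc02", "requestDate": "2019-09-01T10:00:00.000Z"},  # wildcard only
    {"hostName": "web-07", "requestDate": "2019-12-24T10:00:00.000Z"},  # range only
    {"hostName": "db-01", "requestDate": "2019-01-15T10:00:00.000Z"},   # neither
]

def ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def as_list(clauses):
    # The DSL accepts a single clause object or a list of clauses.
    return clauses if isinstance(clauses, list) else [clauses]

def matches(query, doc):
    (kind, body), = query.items()
    if kind == "wildcard":
        (field, pattern), = body.items()
        if isinstance(pattern, dict):  # long form: {"value": "..."}
            pattern = pattern["value"]
        return fnmatchcase(doc[field], pattern)
    if kind == "range":
        (field, bounds), = body.items()
        return ts(doc[field]) >= ts(bounds["gte"])
    if kind == "bool":
        required = as_list(body.get("must", [])) + as_list(body.get("filter", []))
        should = as_list(body.get("should", []))
        # Documented default: 1 if there are should clauses and no must/filter, else 0.
        msm = body.get("minimum_should_match", 1 if should and not required else 0)
        hits = sum(matches(q, doc) for q in should)
        return all(matches(q, doc) for q in required) and hits >= msm
    raise ValueError(f"unsupported query type: {kind}")

def search(query):
    return [d["hostName"] for d in DOCS if matches(query, d)]

WILDCARD = {"wildcard": {"hostName": "*abc*"}}
RANGE = {"range": {"requestDate": {"gte": "2019-10-01T08:00:00.000Z"}}}
# Question's query: should-only inner bool, so one matching clause is enough (OR).
ORIGINAL = {"bool": {"must": [{"bool": {"should": [WILDCARD, RANGE]}}]}}
# First answer: both should clauses must match.
INNER = {"should": [WILDCARD, RANGE], "minimum_should_match": 2}
WITH_MSM = {"bool": {"must": [{"bool": INNER}]}}
# Second answer's layout: wildcard in must, range in filter.
MUST_FILTER = {"bool": {"must": [WILDCARD], "filter": RANGE}}
```

`search(ORIGINAL)` returns the wildcard-only and range-only hosts as well as the one matching both, which is the behaviour described in the question; the other two queries return only the host that satisfies both conditions.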
