Menu
I am trying to query an Elasticsearch index by a time range, and additionally have a term match a specific string value.
I have tried this query, which seems pretty straightforward:
{
"query" : {
"bool": {
"must": [
{
"match": {
"method": "/customer/help"
}
},
{
"range" : {
"startTime": {
"from" : "2015-10-20T13:00-04:00",
"to" : "2015-10-20T14:00-04:00"
}
}
}
]
}
}
}
In this case, I want all of the documents within the given time range that also have a method value of "/customer/help".
In my results, I am receiving results that are within the time range, but I am getting documents that have various values for the "method" field, when I just want results with "/customer/help" in that field.
392
You can combine the queries using bool query. Based on your requirement you can use 'should' or 'must' inside the bool clauses. You may want to schearch for both the field you want, and then aggregate by the most important field.
To better search text fields, the match query also analyzes your provided search term before performing a search. This means the match query can search text fields for analyzed tokens rather than an exact term. The term query does not analyze the search term. The term query only searches for the exact term you provide.
A query that has a term query that matches 10,000 documents (0.1% of the index) is intersected with ranges that match various numbers of documents. On the X axis is the number of documents that the range matches, and on the Y axis is the time it took to run the query.
Basic Usage Elasticsearch will go through the specified field and search for all the documents that match the set value. Below is an example output: When using the term query, you must specify the field and the value under which to search.
In your mapping you need to have method as not_analyzed (or analyzed with keyword analyzer) and the query should use term. In this way, the text you index in method is indexed as is as a single token and term makes sure the text you search matches exactly the token indexed in method:
"method": {
"type": "string",
"index": "not_analyzed"
}
And the query you need to use:
{
"query": {
"bool": {
"must": [
{
"term": {
"method": "/customer/help"
}
},
{
"range": {
"startTime": {
"from": "2015-10-20T13:00-04:00",
"to": "2015-10-20T14:00-04:00"
}
}
}
]
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
