Skip to main content

ElasticSearch query syntax

About 869 wordsAbout 3 minComputerElasticSearchDecember 4, 2024

match Query

The match query is one of the most commonly used query types for full-text search. It tokenizes the query string and searches for these tokens in the specified field.

GET /my_index/_search
{
  "query": {
    "match": {
      "message": "ElasticSearch query syntax"
    }
  }
}

term Query

The term query is used for exact matching of a specific value. It is suitable for precise searches of structured data.

GET /my_index/_search
{
  "query": {
    "term": {
      "status": "active"
    }
  }
}

terms Query

The terms query is used to match multiple values. It is typically used to search for multiple different values in a field.

{
    "query": {
        "terms": {
            "country": ["USA", "Canada", "Mexico"]
        }
    }
}

range Query

The range query is used for range searches, allowing you to find values that fall within a specified range on a given field.

GET /my_index/_search
{
  "query": {
    "range": {
      "age": {
        "gte": 30,
        "lte": 40
      }
    }
  }
}

wildcard Query

The wildcard query is used for wildcard searches, allowing you to match any character within a field's value.

GET /my_index/_search
{
  "query": {
    "wildcard": {
      "user": "ki*y"
    }
  }
}

bool Query

The bool query is used to combine multiple query conditions. It contains four clauses: must, filter, should, and must_not.

GET /my_index/_search
{
    "query": {
        "bool": {
            "must": [{ "match": { "title": "ElasticSearch" } }],
            "filter": [{ "term": { "status": "active" } }],
            "should": [{ "range": { "age": { "gte": 30 } } }],
            "must_not": [{ "term": { "status": "inactive" } }]
        }
    }
}

must Clause

  • Purpose: The conditions in the must clause must all be met, equivalent to an AND logic.
  • Usage: Specify conditions that must be matched in the query.
{
    "query": {
        "bool": {
            "must": [
                { "match": { "title": "ElasticSearch" } },
                { "term": { "status": "published" } }
            ]
        }
    }
}

In this example, the document must match both title containing "ElasticSearch" and status being "published".

filter Clause

  • Purpose: The conditions in the filter clause must also be met, but they do not affect the relevance score (_score). Suitable for filtering structured data.
  • Usage: Specify filtering conditions that must be matched in the query without affecting the relevance score.
{
    "query": {
        "bool": {
            "filter": [
                { "term": { "status": "published" } },
                { "range": { "publish_date": { "gte": "2023-01-01" } } }
            ]
        }
    }
}

In this example, the document must match status being "published" and publish_date after January 1, 2023.

should Clause

  • Purpose: If the conditions in the should clause are met, the relevance score of the document increases. Equivalent to an OR logic, but if at least one must clause exists, not all should clauses are required to be met.
  • Usage: Specify one or more conditions that should be matched in the query to affect the relevance score.
{
    "query": {
        "bool": {
            "should": [
                { "match": { "description": "fast" } },
                { "match": { "description": "reliable" } }
            ]
        }
    }
}

In this example, the document's relevance score will be higher if it contains "fast" or "reliable".

must_not Clause

  • Purpose: The conditions in the must_not clause must not be met, equivalent to a NOT logic.
  • Usage: Specify conditions that should not be matched in the query.
{
    "query": {
        "bool": {
            "must_not": [{ "term": { "status": "draft" } }]
        }
    }
}

In this example, the document's status should not be "draft".

from Parameter

The from parameter is used to specify the starting position of the query results. Typically used for pagination, with a default value of 0, meaning start from the first record.

Example:

GET /my_index/_search
{
  "query": {
    "match_all": {}
  },
  "from": 10
}

size Parameter

The size parameter is used to limit the number of query results returned. By default, ElasticSearch returns the first 10 results. If you want to return more or fewer results, you can set the size parameter.

GET /my_index/_search
{
  "query": {
    "match_all": {}
  },
  "size": 20
}

In this example, size: 20 tells ElasticSearch to return only the first 20 results.

sort Parameter

The sort parameter is used to sort query results. You can sort results based on one or more fields, specifying ascending (asc) or descending (desc) order.

GET /my_index/_search
{
  "query": {
    "match_all": {}
  },
  "sort": [
    { "publish_date": "desc" }
  ]
}

You can also sort by multiple fields. For example, sort first by status in ascending order, and then by publish_date in descending order:

GET /my_index/_search
{
  "query": {
    "match_all": {}
  },
  "sort": [
    { "status": "asc" },
    { "publish_date": "desc" }
  ]
}

Nested Query

The nested query is used to search within nested objects. Nested objects allow you to store complex arrays of objects within a single document, where each object can have its own fields. Nested queries allow for complex searches within these objects.

Suppose we want to find orders containing a specific product, and the product's price falls within a certain range. We can achieve this with a nested query:

GET /orders/_search
{
  "query": {
    "nested": {
      "path": "products",
      "query": {
        "bool": {
          "must": [
            { "match": { "products.name": "Laptop" } },
            { "range": { "products.price": { "gte": 1000, "lte": 2000 } } }
          ]
        }
      }
    }
  }
}
Last update: 12/6/2024, 9:55:18 PM
Contributors: LYPvvvLYP
Copyright © 2024 XC