Elasticsearch query_andvanced_multi_match

Elastic Stack Elasticsearch
1

i have an advanced query with elsticsearch. i want to search for all document that mets a specific requirements.
Document: field1, field2, timestamp
i have also a list of value for field1 and filed2

listField1=[v1,v2,v3......]
listField2=[x1,x2,x3......]

i want seach all documents for (field1= v1 and field2=x1) or (field1=v2 and field2=x2)

Can anyone help me?
the pist that i found is :
{

"query": {
  		
	"bool": {
		"must": [
				{
				"range": {
							"@timestamp":{"from" : "date1", "to" : "date2" }
						}
				}
          
        ],
      
      "should": [
					
                  {
                  		"multi_match": {
                            "query": "v1",
                            "fields": ["field1"]
						}
                  },
                  {
                  			"multi_match": {
                  			"query": "v2",
                  			"fields": ["field1"]
                  			}
                  	}
                  ]
}
}
}

but it need to be more developedPreformatted text

2

you need a bool query with

  • a filter part, that contains the time range
  • a should part, that consists of two other bool queries
  • each of those bool queries have a single must part, with two match queries, one for field1 and one for field2

Please take the time to read about the bool query in the docs, as it changes behaviour when you have must and should clauses.

--Alex

3

As i understand from your post you mean i put a query like this :

{

"query": {
  		
	"bool": {
		"must": [
				{
				"range": {
							"@timestamp":{"from" : "date1", "to" : "date2" }
						}
				}
          
        ],
      
      "should": [
					"bool": {
						"must":{
						
						"multi_match": {
                            "query": "v1",
                            "fields": ["field1"]
						},
						
						"multi_match": {
                            "query": "x1",
                            "fields": ["field2"]
						}
						
							
						}
					},
					"bool": {
						"must":{
						
						"multi_match": {
                            "query": "v2",
                            "fields": ["field1"]
						},
						
						"multi_match": {
                            "query": "x2",
                            "fields": ["field2"]
						}
						
							
						}
					},
                  
                  
				]
}
}
}
4

the top most must part should become a filter clause

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.