Elasticsearch QueryBuilder with dynamic value in term query


(bagui) #1

I have code like below where I'm doing multiple must clauses in a bool query. Here
I'm passing the must term queries on the field "address". Now the IP addresses
will come to me as a list from another API and I have to pass all the
IPs in the list as must term queries. I can't find a way to
pass the address values dynamically when creating the QueryBuilder.

Please suggest how to do this.

    public static SearchResponse searchResultWithAggregation(String es_index,
            String es_type, List<String> ipList, String queryRangeTime) {
        Client client = ESClientFactory.getInstance();

        // Hard-coded address clauses that should be built from ipList instead
        QueryBuilder qb = QueryBuilders.boolQuery()
                .must(QueryBuilders.termQuery("address", "10.203.238.138"))
                .must(QueryBuilders.termQuery("address", "10.203.238.137"))
                .must(QueryBuilders.termQuery("address", "10.203.238.136"))
                .mustNot(QueryBuilders.termQuery("address", "10.203.238.140"))
                .should(QueryBuilders.termQuery("client", ""));

        // Restrict to the last queryRangeTime minutes
        queryRangeTime = "now-" + queryRangeTime + "m";
        FilterBuilder fb = FilterBuilders.rangeFilter("@timestamp")
                .from(queryRangeTime).to("now");

        SearchResponse response = client
                .prepareSearch(es_index)
                .setTypes(es_type)
                .setQuery(qb)
                .setPostFilter(fb)
                .addAggregation(
                        AggregationBuilders.avg("cpu_average").field("value"))
                .setSize(10).execute().actionGet();

        System.out.println(response.toString());
        return response;
    }

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/1b6d7ba7-5cc5-4f26-abce-9e6614d39ed4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Ivan Brusic) #2

Off the top of my head, you can either use a nested bool query for the IP
addresses or use a terms query with the minimum match set to the size of the
list.

Option 1:

    // BoolQueryBuilder (not QueryBuilder) exposes must()
    BoolQueryBuilder ipQuery = QueryBuilders.boolQuery();
    for (String ip : ipList) {
        ipQuery.must(QueryBuilders.termQuery("address", ip));
    }

    QueryBuilder qb = QueryBuilders.boolQuery()
            .must(ipQuery)
            ...

Option 2:

    QueryBuilder qb = QueryBuilders.boolQuery()
            .must(QueryBuilders.termsQuery("address", ipList)
                    .minimumMatch(ipList.size()))
            ...

Cheers,

Ivan

On Wed, Jun 4, 2014 at 10:39 AM, Subhadip Bagui i.bagui@gmail.com wrote:

I have code like below where I'm doing multiple must clauses in a bool query. Here
I'm passing the must term queries on the field "address". Now the IP addresses
will come to me as a list from another API and I have to pass all the
IPs in the list as must term queries. I can't find a way to
pass the address values dynamically when creating the QueryBuilder.

Please suggest how to do this.

    public static SearchResponse searchResultWithAggregation(String es_index,
            String es_type, List<String> ipList, String queryRangeTime) {
        Client client = ESClientFactory.getInstance();

        // Hard-coded address clauses that should be built from ipList instead
        QueryBuilder qb = QueryBuilders.boolQuery()
                .must(QueryBuilders.termQuery("address", "10.203.238.138"))
                .must(QueryBuilders.termQuery("address", "10.203.238.137"))
                .must(QueryBuilders.termQuery("address", "10.203.238.136"))
                .mustNot(QueryBuilders.termQuery("address", "10.203.238.140"))
                .should(QueryBuilders.termQuery("client", ""));

        // Restrict to the last queryRangeTime minutes
        queryRangeTime = "now-" + queryRangeTime + "m";
        FilterBuilder fb = FilterBuilders.rangeFilter("@timestamp")
                .from(queryRangeTime).to("now");

        SearchResponse response = client
                .prepareSearch(es_index)
                .setTypes(es_type)
                .setQuery(qb)
                .setPostFilter(fb)
                .addAggregation(
                        AggregationBuilders.avg("cpu_average").field("value"))
                .setSize(10).execute().actionGet();

        System.out.println(response.toString());
        return response;
    }

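Option 1 from the reply above, as an added Java example that is not part of the original thread: it builds the must and mustNot clauses from lists and rejects anything that is not a dotted-quad IPv4 literal before it reaches the query. The names AddressQueryFactory, requireIpv4, build and excludedIps are hypothetical, and it assumes the same Elasticsearch Java client the thread uses is on the classpath.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;

// Hypothetical helper class; not part of the thread's code.
public final class AddressQueryFactory {

    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    // Strict dotted-quad IPv4. A regex is used instead of
    // InetAddress.getByName(), which would attempt a DNS lookup for any
    // string that is not an address literal.
    private static final Pattern IPV4 =
            Pattern.compile(OCTET + "(\\." + OCTET + "){3}");

    static String requireIpv4(String ip) {
        if (ip == null || !IPV4.matcher(ip).matches()) {
            throw new IllegalArgumentException("Not an IPv4 address: " + ip);
        }
        return ip;
    }

    /** One must clause per required IP, one mustNot clause per excluded IP. */
    public static BoolQueryBuilder build(List<String> requiredIps,
                                         List<String> excludedIps) {
        if (requiredIps == null || requiredIps.isEmpty()) {
            // Fail closed: with no IPs there is nothing to require.
            throw new IllegalArgumentException("requiredIps must not be empty");
        }
        BoolQueryBuilder query = QueryBuilders.boolQuery();
        for (String ip : requiredIps) {
            query.must(QueryBuilders.termQuery("address", requireIpv4(ip)));
        }
        for (String ip : excludedIps) {
            query.mustNot(QueryBuilders.termQuery("address", requireIpv4(ip)));
        }
        return query;
    }

    public static void main(String[] args) {
        // Constructed sample input, reusing the addresses from the question.
        BoolQueryBuilder query = build(
                Arrays.asList("10.203.238.138", "10.203.238.137", "10.203.238.136"),
                Arrays.asList("10.203.238.140"));
        System.out.println(query); // print the generated query
    }
}
```

Every must clause has to match the same document, so this query only returns hits when the address field of one document holds all of the required values.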


(system) #3