How to query elasticsearch using array index?

meallhour · January 24, 2020, 3:37pm

My Json Response looks as below:

{
  "took": 41,
  "timed_out": false,
  "_shards": {
    "total": 3,
    "successful": 3,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": null,
    "hits": [
      {
        "_index": "abc_history",
        "_type": "abc-data-type",
        "_id": "5e29cbb7965809fe6cb22a7b",
        "_score": null,
        "_source": {
          "sData": [
            {
              "status": "In Progress"
            },
            {
              "status": "Started"
            },
            {
              "status": "Finished"
            }
          ]
        },
        "sort": [
          1579797431366
        ]
      }
    ]
  }
}

My ES query looks as below which is returning the above response.

{
  "from": 0, 
  "size": 5, 
  "_source": ["sData.status"],
        "query": {
          "bool": {
            "must":[
              {
                "wildcard": {
                  "server": "*ABC2501*"
                }
              },         
              {
                "wildcard": {
                  "sData.status": "*Finish*"
                }
              }
            ]
          }
        },
        "sort": [
          { "requestDate": {"order": "desc"}}
        ]
}

I want to modify the query so that ES performs search in third element of sData which is sData[2]
I have modified the query as below and performing wildcard search for sData[2].status but it is not returning anything.

{
  "from": 0, 
  "size": 5, 
  "_source": ["sData.status"],
        "query": {
          "bool": {
            "must":[
              {
                "wildcard": {
                  "server": "*ABC2501*"
                }
              },         
              {
                "wildcard": {
                  "sData[2].status": "*Finish*"
                }
              }
            ]
          }
        },
        "sort": [
          { "requestDate": {"order": "desc"}}
        ]
}

inhinyera16 · January 25, 2020, 6:56pm

sData should be stored as nested data type in order to query it independently.

PUT /abc_history
{
    "mappings": {
        "_doc" : {
            "properties" : {
                "sData" : {
                    "type" : "nested"
                }
            }
        }
    }
}

Then query something like this

GET /abc_history/_search 
{
    "query": {
        "nested" : {
            "path" : "sData",
            "query" : {
                "bool" : {
                    "must" : [
                    { "match" : {"sData.status" : "Finished"} }
                    ]
                }
            }
        }
    }
}

You can check this page regarding nested query https://www.elastic.co/guide/en/elasticsearch/reference/6.8/query-dsl-nested-query.html

meallhour · January 26, 2020, 3:13am

I am not looking for { "match" : {"sData.status" : "Finished"} } Instead I am looking for sData[3] which could have any value such as Finished or In Progress or Started

Christian_Dahlqvist · January 26, 2020, 8:46am

Elasticsearch does not index array index, so if you want to search a specific position you probably need to add the position as an attribute and used nested documents.

system · February 23, 2020, 8:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.