Hello,
Can anyone help me to use Boolean search in dev tools query?
Thanks,
Priyanka
What did you try so far?
Hello @dadoonet,
I have tried below query:
POST /multipletable/_search
{
"query":{
"bool":{
"must":[ {
"match":{
"title":{
"query":"test"} } },
{
"match":{
"contentid":{
"query":"4016768"} } }
]
}
}
}
in above query, i have mentioned in which field i have to search, like search for test in title field AND search for 4016768 in contentid.
i dont want to use field name but have to perform boolean search in below format query:
GET new_database,new_attachment/_search?size=10000
{
"query": {
"multi_match": {
"query": "4245489",
"fields": ["contentid^5", "title^4","object_summary^3","content^2","submitted_for_name"] }
}
}
Regards,
Priyanka
Could you replace the 2 match queries with 2 simple query string queries instead?
Hello @dadoonet,
Like this:
"query_string": {
"query": "test AND 4016768"
}
Regards,
Priyanka
Yes but I meant https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-simple-query-string-query.html
But your way should work as well.
Hello @dadoonet,
Thanks for reply!! i have tried using simple query string query. It is working fine for me.
one more doubt, in kibana when we do boolean search through index pattern, so Is it always necessary to mention field name first before using any boolean operator?
example: Field1: SearchTerm1 AND Field2: SearchTerm2
Is there any way to do boolean search without using fields? i want to apply boolean search for all the field.
I have tried using SearchTerm1 AND SearchTerm2, but it is considering AND as a word and giving me incorrect results.
Regards,
Priyanka
I believe it's because Kibana is using by default the KQL language which is slightly different perhaps than the Lucene query language.
There is an option to change it (a small arrow at the right of the search box IIRC).
Because you are using an old version.
May be try the options but I think you are using Lucene query language by default in this version.
So that should work out of the box.
What exactly did you enter?
Hello @dadoonet,
I have enter Boolean search query . for example: Test AND testing.
I am able to search now.
My another doubt is i am using NOT operator in both ways. It should return me same number of results. but both are showing different result count. please find below
1st way:
GET new_database,new_attachment/_search?size=10000
{
"query": {
"simple_query_string": {
"query": "KPOD - 4245489",
"fields": ["contentid^5", "title^4","object_summary^3","content^2","submitted_for_name"] }
}
}
2nd way:
GET new_database,new_attachment/_search?size=10000
{
"query": {
"query_string": {
"query": "KPOD NOT 4245489",
"fields": ["contentid^5", "title^4","object_summary^3","content^2","submitted_for_name"] }
}
}
This is "KPOD - 4245489" same as "KPOD NOT 4245489".
Regards,
Priyanka
Try
KPOD -4245489Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.
A full reproduction script will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.
Hello @dadoonet,
I have tried solution that you have mentioned in above replies.
please find below code for your reference:
GET new_database,new_attachment/_search?size=10000
{
"query": {
"simple_query_string": {
"query": "KPOD -4245489",
"fields": ["contentid^5", "title^4","object_summary^3","content^2","submitted_for_name"] }
}
}
still i am getting wrong result count.
"query": "KPOD -4245489" and "query": "KPOD NOT 4245489" should work as same. correct if i am wrong.
using "query": "KPOD NOT 4245489" i am getting 1541 results. but using "query": "KPOD -4245489" i am getting more than 1541.
Kindly guide me on the same.
Regards,
Priyanka Y.
Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.
A full reproduction script will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.
Hello @dadoonet,
I have explained using script. what do you want me to explain more on the same?
Thanks,
Priyanka
In case you did not see it, let me copy the text:
Providing a script to reproduce locally is definitely helping a lot to get quicker and more accurate responses.
Please format your code using </> icon and produce full scripts like this one:
DELETE index
PUT index/_doc/1
{
"foo": "bar"
}
GET index/_search
{
"query": {
"match": {
"foo": "bar"
}
}
}
A typical script like this one can be copied and pasted in Kibana Dev Console by any reader. It will definitely help to play with your example and provide a fix for your script.
If you don't provide it, there is a chance that nobody can help .
Running
GET new_database,new_attachment/_search?size=10000
On my machine is giving me that indices do not exist. So I can't reproduce.
Do you understand what I'm meaning?