Multiple query with wildcard

icirco · October 30, 2019, 5:05pm

hello,
How to query easily ? Is any tool to help to implement the query ?

I've success to query on a range time but I would like to add a condition on a message pattern...

How to do that ? I've tried something like this :

{
 "query": {
         "bool" : {
              "filter": {
                   "term" : {
                        "message" : "*my string*"
                   }
             },
         "must" : {
             "range" : {
                  "@timestamp" : {
                          "gte" : "now-10m",
                          "lt" : "now"
                  }
             }
        }
   }

}
}

icirco · November 8, 2019, 2:06pm

is any help to add condition in my query ?

spinscale · November 8, 2019, 3:31pm

First, prefix wildcards are a performance killer. I would refrain from using it. In the above example there is no wildcard needed.. you could just search for my AND string using a match query. Keep in mind that this works differently than SQL.

Also, you probably want to move the range part in the filter part of a boolean query and move the match query into the must part in order to apply scoring.

system · December 6, 2019, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add filter in query Elasticsearch	4	649	July 6, 2017
How can we get records from elasticsearch with wildcard queries having two keywords? Elasticsearch	3	346	August 7, 2020
Combining bool and range queries Elasticsearch	2	34953	May 16, 2017
What is the best way to do wildcards with booleans? Elasticsearch	1	529	December 11, 2017
How do I query using Wildcard Elasticsearch	6	1969	July 6, 2017

Multiple query with wildcard

Related topics