Nested Filter/Query on all fields

Sagar_Shah · March 6, 2015, 12:02am

Hello everyone,
Here's my sample data going into elastic Search.

{
"date_time_utc": "2014-01-01 01:01:01.000",
"details": "Details of the event",
"tracking_id": "Message Tracking Id",
"enterprise_application": "ENTP APP",
"log_level": "DEBUG",
"application_id": "342-34-254",
"source": "Source",
"log_code": "MDG.00.05",
"host": "127.0.0.1",
"context":
{
"A": "123",
"B": "456",
"C": "789"
}
}

When I am preparing for a search request, I am finding some issue.
Basically, I need a capability to search a user input across all the
elements of nested object "context".
Context might have nested fields under it on the fly. So I need some kind
of wild card operation of the fields itself like (context.*).

I found one way, but that searches on specific field within context like
given below.

"nested": {
"path": "context",
"filter": {
"bool": {
"must": [
{ "term": { "context.A: "0432" } }
]
}
}
}

Is there a way to search a user input across all the fields under context
nested element? I do not wish to search through rest of the fields.

I would prefer filter over query here.

Please advise.

Appreciate your inputs!

Regards,
Sagar Shah

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/5e04b543-9275-4bda-8696-068dd723b1d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

jpountz · March 6, 2015, 8:36am

You can use a multi-match query:

or copy all the fields you are interested in into a new field at index time
using copy_to:

On Fri, Mar 6, 2015 at 1:02 AM, Sagar Shah sagarshah1983@gmail.com wrote:

Hello everyone,
Here's my sample data going into elastic Search.

{
"date_time_utc": "2014-01-01 01:01:01.000",
"details": "Details of the event",
"tracking_id": "Message Tracking Id",
"enterprise_application": "ENTP APP",
"log_level": "DEBUG",
"application_id": "342-34-254",
"source": "Source",
"log_code": "MDG.00.05",
"host": "127.0.0.1",
"context":
{
"A": "123",
"B": "456",
"C": "789"
}
}

When I am preparing for a search request, I am finding some issue.
Basically, I need a capability to search a user input across all the
elements of nested object "context".
Context might have nested fields under it on the fly. So I need some kind
of wild card operation of the fields itself like (context.*).

I found one way, but that searches on specific field within context like
given below.

"nested": {
"path": "context",
"filter": {
"bool": {
"must": [
{ "term": { "context.A: "0432" } }
]
}
}
}

Is there a way to search a user input across all the fields under context
nested element? I do not wish to search through rest of the fields.

I would prefer filter over query here.

Please advise.

Appreciate your inputs!

Regards,
Sagar Shah

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/5e04b543-9275-4bda-8696-068dd723b1d8%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/5e04b543-9275-4bda-8696-068dd723b1d8%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j7SrWzZpRX5UoJi16m3N1knrxSEH%2BU%3D9cK%3D_8jmSqmeeA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Sagar_Shah · March 6, 2015, 3:45pm

Thanks a ton Adrien.
multi_match did work!

Regards,
Sagar Shah

On Fri, Mar 6, 2015 at 2:36 AM, Adrien Grand <adrien.grand@elasticsearch.com

wrote:

You can use a multi-match query:
Elasticsearch Platform — Find real-time answers at scale | Elastic
or copy all the fields you are interested in into a new field at index time
using copy_to:
Elasticsearch Platform — Find real-time answers at scale | Elastic

On Fri, Mar 6, 2015 at 1:02 AM, Sagar Shah sagarshah1983@gmail.com
wrote:

Hello everyone,
Here's my sample data going into elastic Search.

{
"date_time_utc": "2014-01-01 01:01:01.000",
"details": "Details of the event",
"tracking_id": "Message Tracking Id",
"enterprise_application": "ENTP APP",
"log_level": "DEBUG",
"application_id": "342-34-254",
"source": "Source",
"log_code": "MDG.00.05",
"host": "127.0.0.1",
"context":
{
"A": "123",
"B": "456",
"C": "789"
}
}

When I am preparing for a search request, I am finding some issue.
Basically, I need a capability to search a user input across all the
elements of nested object "context".
Context might have nested fields under it on the fly. So I need some kind
of wild card operation of the fields itself like (context.*).

I found one way, but that searches on specific field within context like
given below.

"nested": {
"path": "context",
"filter": {
"bool": {
"must": [
{ "term": { "context.A: "0432" } }
]
}
}
}

Is there a way to search a user input across all the fields under context
nested element? I do not wish to search through rest of the fields.

I would prefer filter over query here.

Please advise.

Appreciate your inputs!

Regards,
Sagar Shah

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/5e04b543-9275-4bda-8696-068dd723b1d8%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/5e04b543-9275-4bda-8696-068dd723b1d8%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/WvKyfof_6tU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j7SrWzZpRX5UoJi16m3N1knrxSEH%2BU%3D9cK%3D_8jmSqmeeA%40mail.gmail.com
https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j7SrWzZpRX5UoJi16m3N1knrxSEH%2BU%3D9cK%3D_8jmSqmeeA%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--

Regards,
Sagar Shah

Too many people think more of security instead of opportunity. They seem
more afraid of life than death!!!

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CANZnv5gG5kS-TZ6qaX81fjHn_V3L%2BBukW3_Y0s6%3DHefc2CTBSQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.