Continuing the discussion from Query (must be X) and (must (Z or Y):
Hi I built:
GET filebeat-*/log/_search
{
"query": {
"bool":{
"must": [
"should" : [
{"match" : {"clientId": "tomer"}}
]
],
"must": [
{"term" : {"terminationCause": "SUCCESS"}}
]
}
}
}
The question is there a way to use "match" for multiple terms, instead of the "terms" query?
(when I simply replace terms with "match" it doesnt work
Hi,
You can look at the description of match query
It corresponds to a full text query, then if you want multiple values, juste put in one match query all values you want separated with a space.
Adding the "operator" field to "and" or "or" inside the match query will decide if all terms in the query should be found or not
ex:
GET filebeat-*/log/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"clientId": "tomer john billy"
}
}
]
}
}
}
This one will retrieve document with clientId is equal to :
"tomer"
"john"
"billy"
GET filebeat-*/log/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"clientId": {
"query": " tomer john billy",
"operator": "and"
}
}
}
]
}
}
}
this one will retrieve documents where clientId is equal to :
"tomer john billy"
GET filebeat-*/log/_search
{
"query": {
"bool": {
"should": [
{
"match": {
"clientId": {
"query": " tomer john billy"
}
}
}
],
"minimum_should_match": 2
}
}
}
this one will retrieve documents where clientId is equal to :
Finally, you can add a custom analyser if you wants which will split the phrase differently before searching documents.
Hope it's clear ^^'
Thank you very much!
this was very clear
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.