Refactor massive nested bool query es@5.6

Is there a way to better structure this nested boolean query? We are running into the max bool clause count. I've looked into trying to use a termquery and termsquery, but I'm not sure it makes sense in this situation. The end result query ends up being over 700k lines.

So far I've refactored each nested bool query for each range into a top level bool query with a list of all the ranges. However, we are still hitting the max bool clause exception.

  1. Does each range under the bool get evaluated as a separate bool clause?
  2. I'm trying to get past the max clause count without changing the setting in the .yml file.

Example (there are more ranges):

{
  "bool" : {
    "must" : [
      {
        "bool" : {
          "should" : [
            {
              "bool" : {
                "must" : [
                  {
                    "bool" : {
                      "should" : [
                        {
                          "nested" : {
                            "query" : {
                              "bool" : {
                                "must" : [
                                  {
                                    "range" : {
                                      "srcAddrIndex.startAddressIp" : {
                                        "from" : null,
                                        "to" : "::ffff:10.0.0.255",
                                        "include_lower" : true,
                                        "include_upper" : true,
                                        "boost" : 1.0
                                      }
                                    }
                                  },
                                  {
                                    "range" : {
                                      "srcAddrIndex.endAddressIp" : {
                                        "from" : "::ffff:10.0.0.0",
                                        "to" : null,
                                        "include_lower" : true,
                                        "include_upper" : true,
                                        "boost" : 1.0
                                      }
                                    }
                                  },
                                  {
                                    "range" : {
                                      "srcAddrIndex.startAddressIp" : {
                                        "from" : null,
                                        "to" : "::ffff:192.0.6.1",
                                        "include_lower" : true,
                                        "include_upper" : true,
                                        "boost" : 1.0
                                      }
                                    }
                                  },

Previous query snippet:

{
  "bool": {
    "should": [
      {
        "bool": {
          "filter": [
            {
              "bool": {
                "should": [
                  {
                    "nested": {
                      "query": {
                        "bool": {
                          "must": [
                            {
                              "range": {
                                "srcAddrIndex.startAddressIp": {
                                  "from": null,
                                  "to": "::ffff:1.1.1.255",
                                  "include_lower": true,
                                  "include_upper": true,
                                  "boost": 1
                                }
                              }
                            },
                            {
                              "range": {
                                "srcAddrIndex.endAddressIp": {
                                  "from": "::ffff:1.1.1.0",
                                  "to": null,
                                  "include_lower": true,
                                  "include_upper": true,
                                  "boost": 1
                                }
                              }
                            }
                          ],
                          "disable_coord": false,
                          "adjust_pure_negative": true,
                          "boost": 1
                        }
                      },
                      "path": "srcAddrIndex",
                      "ignore_unmapped": false,
                      "score_mode": "none",
                      "boost": 1
                    }
                  },
                  {
                    "nested": {
                      "query": {
                        "bool": {
                          "must": [
                            {
                              "range": {
                                "srcAddrIndex.startAddressIp": {
                                  "from": null,
                                  "to": "::ffff:1.2.3.255",
                                  "include_lower": true,
                                  "include_upper": true,
                                  "boost": 1
                                }
                              }
                            },
                            {
                              "range": {
                                "srcAddrIndex.endAddressIp": {
                                  "from": "::ffff:1.2.3.0",
                                  "to": null,
                                  "include_lower": true,
                                  "include_upper": true,
                                  "boost": 1
                                }
                              }
                            }
                          ],
                          "disable_coord": false,
                          "adjust_pure_negative": true,
                          "boost": 1
                        }
                      },
                      "path": "srcAddrIndex",
                      "ignore_unmapped": false,
                      "score_mode": "none",
                      "boost": 1
                    }
                  },
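Added example (not part of the original post, and not Elasticsearch code): a small Python walker that reports how many direct clauses each `bool` node in a query DSL tree carries, so the node that trips the limit can be located before the query is sent. It assumes every entry under `must`, `should`, `filter` and `must_not` counts as one clause of its enclosing `bool`, and that the limit is the default 1024 of `indices.query.bool.max_clause_count`; the sample ranges and the helper names are constructed for illustration.

```python
# Assumption: default value of indices.query.bool.max_clause_count.
DEFAULT_MAX_CLAUSES = 1024
OCCURS = ("must", "should", "filter", "must_not")


def bool_clause_counts(query, path="query"):
    """Yield (path, direct_clause_count) for every bool node in the tree."""
    if isinstance(query, list):
        for i, item in enumerate(query):
            yield from bool_clause_counts(item, f"{path}[{i}]")
        return
    if not isinstance(query, dict):
        return
    for key, value in query.items():
        child = f"{path}.{key}"
        if key == "bool" and isinstance(value, dict):
            count = 0
            for occur in OCCURS:
                clauses = value.get(occur, [])
                # A single clause may be given as an object instead of a list.
                count += len(clauses) if isinstance(clauses, list) else 1
            yield child, count
        yield from bool_clause_counts(value, child)


def over_limit(query, limit=DEFAULT_MAX_CLAUSES):
    """Return the bool nodes whose direct clause count exceeds the limit."""
    return [(p, n) for p, n in bool_clause_counts(query) if n > limit]


def range_pair(start_ip, end_ip):
    """Constructed sample: one nested overlap test shaped like the post's query."""
    return {"nested": {"path": "srcAddrIndex", "query": {"bool": {"must": [
        {"range": {"srcAddrIndex.startAddressIp": {"to": end_ip}}},
        {"range": {"srcAddrIndex.endAddressIp": {"from": start_ip}}},
    ]}}}}


def sample_query(n):
    """Constructed sample: n /24 ranges OR-ed together under one bool."""
    pairs = [range_pair(f"::ffff:10.{i // 256}.{i % 256}.0",
                        f"::ffff:10.{i // 256}.{i % 256}.255") for i in range(n)]
    return {"bool": {"should": pairs}}


if __name__ == "__main__":
    for node_path, n in over_limit(sample_query(1500)):
        print(f"{node_path}: {n} clauses")
```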
