Struggling to Understand Creating Compound Queries Using Updated Query DSL

elasticTrouble · September 27, 2019, 9:35pm

Hey Elastic Folks,

I'm really struggling to understand creating compound queries with the updated query DSL after migrating our cluster from 5.3 to 6.8. My current task is to re-write roughly 300 saved searches many of which contain compound queries. I've spent roughly a day trying to re-write one query to the updated query DSL without any luck so I'm turning to the forums for assistance now.

For example, I need to convert this 5.3 query to the updated 6.8 query DSL, how?

{
  "query_string": {
    "query": "((request:\"Transaction request\" AND decision:APPROVED) OR (request:Update AND decision:TRANS_APPROVED)) OR ((request:Lookup AND decision:APPROVED))"
  }
}

I've read the following articles on the query DSL but I'm still failing to come up with a query of my own that matches any data or doesn't throw an internal server error exception when run.

https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-bool-query.html

elasticTrouble · September 27, 2019, 11:20pm

Figured it out. Thanks to this article: https://www.elastic.co/blog/lost-in-translation-boolean-operations-and-filters-in-the-bool-query

{
  "query": {
    "bool": {
      "should": [
        {
          "bool": {
            "must": [
              {
                "match": {
                  "request": "Transaction request"
                }
              },
              {
                "match": {
                  "decision": "APPROVED"
                }
              }
            ]
          }
        },
        {
          "bool": {
            "must": [
              {
                "match": {
                  "request": "Update"
                }
              },
              {
                "match": {
                  "decision": "TRANS_APPROVED"
                }
              }
            ]
          }
        },
        {
          "bool": {
            "must": [
              {
                "match": {
                  "request": "Lookup"
                }
              },
              {
                "match": {
                  "decision": "APPROVED"
                }
              }
            ]
          }
        }
      ]
    }
  }
}

ridiculous.

Mark_Harwood · September 28, 2019, 8:31am

Why?
Query string is still supported.

system · October 26, 2019, 8:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.