What are the different queries in Elasticsearch?
Elasticsearch is an engine built on the Apache Lucene library for search and analytics. It is famous for its ability to manage large files and provide fast search results. At the heart of Elasticsearch’s search capabilities are queries, powerful commands that allow users to retrieve, filter, and analyze data stored in the system.
In this Answer, we dive into Elasticsearch queries by exploring different types, capabilities, and use cases.
Understanding queries in Elasticsearch
In Elasticsearch, queries describe the search process and control how data is retrieved.
The query is created in JSON format and sent to the _search parameter at the end. Elasticsearch processes these queries and returns relevant information based on the search. There are two main query classes in Elasticsearch:
-
Leaf Queries: These simple queries match data to specific fields and results. They are used for searching and filtering.
-
Compound query: This advanced query uses boolean operators to combine multiple leaf queries. Compound queries help create complex search scenarios.
Let’s have a look at some commonly used queries. Consider we have a database with the following data:
{"index": {"_index": "products", "_id": "1"}}{"title": "Elasticsearch Introduction", "price": 20, "category": "Technology"}{"index": {"_index": "products", "_id": "2"}}{"title": "Elasticsearch Basics", "price": 30, "category": "Technology"}{"index": {"_index": "products", "_id": "3"}}{"title": "Advanced Elasticsearch", "price": 90, "category": "Technology"}{"index": {"_index": "products", "_id": "4"}}{"title": "Search Engine Tutorial", "price": 15, "category": "Technology"}{"index": {"_index": "products", "_id": "5"}}{"title": "Data Science with Elasticsearch", "price": 50, "category": "Science"}
Let's explore how to create and test Elasticsearch queries using the terminal. We'll use the terminal provided after each query to see the results in real data and ensure our queries work as expected.
The match query
In this query, it matches the given exact key value with the field values of the selected field. The query below will fetch all the records having an exact value of Elasticsearch in the field title.
{"query": {"match": {"title": "Elasticsearch"}}}
query: This is the top-level element indicating that we are defining a query.match: This specifies the type of query we want to perform, in this case, a "match" query."title": "Elasticsearch": This part of the query states that we are looking for documents where the "title" field matches the exact value "Elasticsearch".
The range query
In Elasticsearch queries, we use the range query when we need all the records based on a specified range about an item. Here is the query implementation to fetch the documents with price field values between 10 to 100.
{"query": {"range": {"price": {"gte": 10,"lte": 100}}}}
query: This is the top-level element indicating that we are defining a query.range: This specifies the type of query we want to perform, specifically a "range" query."price": { "gte": 10, "lte": 100 }: This part of the query indicates that we are looking for documents where the "price" falls within a range. "gte" stands for "greater than or equal to," and "lte" stands for "less than or equal to." So, we are searching for documents with a "price" field value between 10 and 100.
The bool query
This query allows us to fetch records using logical operators such as AND, OR, and NOT. The query below shows the implementation of fetching all the files having exact values, Elasticsearch in the field title and Technology in the category field. This is how we implement AND in writing queries.
{"query": {"bool": {"must": [{ "match": { "title": "Elasticsearch" }},{ "match": { "category": "Technology" }}]}}}
query: This is the top-level element indicating that we are defining a query.bool: This stands for "boolean" and is used for combining multiple conditions.must: This is inside the boolean query and specifies that both conditions must be true for a document to match.[{ "match": { "title": "Elasticsearch" }}, { "match": { "category": "Technology" }}]: These are the conditions. It says we are looking for documents where both the "title" is "Elasticsearch" and the "category" is "Technology."
The wildcard query
We use a wildcard query to fetch the records based on a specified prefix. This query fetches records by matching the prefix value with the given field. The query below shows how to extract all the records with the prefix value Elastic* in the title field. Here * means any value after Elastic.
{"query": {"wildcard": {"title": "Elastic*"}}}
query: This is the top-level element indicating that we are defining a query.wildcard: This specifies the type of query we want to perform, which is a "wildcard" query."title": "Elastic*": This part of the query is looking for documents where the "title" field matches a pattern. In this case, the pattern is "Elastic*" where "*" acts as a wildcard character, meaning it matches any characters that come after "Elastic."
The fuzzy query
A fuzzy query is a query type that matches documents containing a field similar to a given query string. For example, if we want to retrieve data with a field name like Elastiksearch, you can use the following fuzzy query:
{"query": {"fuzzy": {"title": {"value": "Elastiksearch","fuzziness": "2"}}}}
query: This is the top-level element indicating that we are defining a query.fuzzy: This specifies the type of query we want to perform, which is a "fuzzy" query."title": { "value": "Elastiksearch", "fuzziness": "2" }: This part of the query is looking for documents where the "title" field is similar to the specified value, "Elastiksearch," with a fuzziness level of 2.
The query_string query
It utilizes a full-text search query that lets us search for documents. The query below shows the implementation if we want to search for all records that contain the exact words Elasticsearch tutorial or Elasticsearch Basics in the Title field.
{"query": {"query_string": {"query": "title:(Elasticsearch tutorial OR Elasticsearch basics)"}}}
query: This is the top-level element indicating that we are defining a query.query_string: This specifies the type of query we want to perform, which is a "query_string" query."query": "title:(Elasticsearch tutorial OR Elasticsearch basics)": This part of the query is performing a full-text search on the "title" field. It's looking for documents where the "title" contains either "Elasticsearch tutorial" or "Elasticsearch basics."
Free Resources