- Elasticsearch - The Definitive Guide:
- Foreword
- Preface
- Getting Started
- You Know, for Search…
- Installing and Running Elasticsearch
- Talking to Elasticsearch
- Document Oriented
- Finding Your Feet
- Indexing Employee Documents
- Retrieving a Document
- Search Lite
- Search with Query DSL
- More-Complicated Searches
- Full-Text Search
- Phrase Search
- Highlighting Our Searches
- Analytics
- Tutorial Conclusion
- Distributed Nature
- Next Steps
- Life Inside a Cluster
- Data In, Data Out
- What Is a Document?
- Document Metadata
- Indexing a Document
- Retrieving a Document
- Checking Whether a Document Exists
- Updating a Whole Document
- Creating a New Document
- Deleting a Document
- Dealing with Conflicts
- Optimistic Concurrency Control
- Partial Updates to Documents
- Retrieving Multiple Documents
- Cheaper in Bulk
- Distributed Document Store
- Searching—The Basic Tools
- Mapping and Analysis
- Full-Body Search
- Sorting and Relevance
- Distributed Search Execution
- Index Management
- Inside a Shard
- You Know, for Search…
- Search in Depth
- Structured Search
- Full-Text Search
- Multifield Search
- Proximity Matching
- Partial Matching
- Controlling Relevance
- Theory Behind Relevance Scoring
- Lucene’s Practical Scoring Function
- Query-Time Boosting
- Manipulating Relevance with Query Structure
- Not Quite Not
- Ignoring TF/IDF
- function_score Query
- Boosting by Popularity
- Boosting Filtered Subsets
- Random Scoring
- The Closer, The Better
- Understanding the price Clause
- Scoring with Scripts
- Pluggable Similarity Algorithms
- Changing Similarities
- Relevance Tuning Is the Last 10%
- Dealing with Human Language
- Aggregations
- Geolocation
- Modeling Your Data
- Administration, Monitoring, and Deployment
WARNING: The 2.x versions of Elasticsearch have passed their EOL dates. If you are running a 2.x version, we strongly advise you to upgrade.
This documentation is no longer maintained and may be removed. For the latest information, see the current Elasticsearch documentation.
Most Important Queries
editMost Important Queries
editWhile Elasticsearch comes with many queries, you will use just a few frequently. We discuss them in much greater detail in Search in Depth but next we give you a quick introduction to the most important queries.
match_all Query
editThe match_all query simply matches all documents. It is the default
query that is used if no query has been specified:
{ "match_all": {}}
This query is frequently used in combination with a filter—for instance, to
retrieve all emails in the inbox folder. All documents are considered to be
equally relevant, so they all receive a neutral _score of 1.
match Query
editThe match query should be the standard query that you reach for whenever
you want to query for a full-text or exact value in almost any field.
If you run a match query against a full-text field, it will analyze
the query string by using the correct analyzer for that field before executing
the search:
{ "match": { "tweet": "About Search" }}
If you use it on a field containing an exact value, such as a number, a date,
a Boolean, or a not_analyzed string field, then it will search for that
exact value:
{ "match": { "age": 26 }} { "match": { "date": "2014-09-01" }} { "match": { "public": true }} { "match": { "tag": "full_text" }}
For exact-value searches, you probably want to use a filter clause instead of a query, as a filter will be cached. We’ll see some filtering examples soon.
Unlike the query-string search that we showed in Search Lite, the match
query does not use a query syntax like +user_id:2 +tweet:search. It just
looks for the words that are specified. This means that it is safe to expose
to your users via a search field; you control what fields they can query, and
it is not prone to throwing syntax errors.
multi_match Query
editThe multi_match query allows to run the same match query on multiple
fields:
{ "multi_match": { "query": "full text search", "fields": [ "title", "body" ] } }
range Query
editThe range query allows you to find numbers or dates that fall into
a specified range:
{ "range": { "age": { "gte": 20, "lt": 30 } } }
The operators that it accepts are as follows:
-
gt - Greater than
-
gte - Greater than or equal to
-
lt - Less than
-
lte - Less than or equal to
term Query
editThe term query is used to search by exact values, be they numbers, dates,
Booleans, or not_analyzed exact-value string fields:
{ "term": { "age": 26 }} { "term": { "date": "2014-09-01" }} { "term": { "public": true }} { "term": { "tag": "full_text" }}
The term query performs no analysis on the input text, so it will look for exactly
the value that is supplied.
terms Query
editThe terms query is the same as the term query, but allows you
to specify multiple values to match. If the field contains any of
the specified values, the document matches:
{ "terms": { "tag": [ "search", "full_text", "nosql" ] }}
Like the term query, no analysis is performed on the input text. It is looking
for exact matches (including differences in case, accents, spaces, etc).
exists and missing Queries
editThe exists and missing queries are used to find documents in which the
specified field either has one or more values (exists) or doesn’t have any
values (missing). It is similar in nature to IS_NULL (missing) and NOT
IS_NULL (exists)in SQL:
{ "exists": { "field": "title" } }
These queries are frequently used to apply a condition only if a field is present, and to apply a different condition if it is missing.
On this page