This article is translated from: www.elastic.co/guide/en/el…
This article is a primer for Elasticsearch and introduces the Elasticsearch query language.
Query language (Query DSL)
Elasticsearch provides a domain-specific, JSON-style language that you can use to execute queries. This is called the query DSL. The query language is fairly comprehensive and can be intimidating at first, but the best way to learn it is to start with a few basic examples.
Going back to our last example, we execute this query:
GET /bank/_search
{
  "query": { "match_all": {} }
}
Breaking down the above, the query part tells us what the query definition is, and the match_all part is the type of query we want to run. The match_all query simply searches all documents in the specified index.
In addition to the query parameter, we can pass other parameters to influence the search results. In the earlier example we passed sort; here we pass size:
GET /bank/_search
{
  "query": { "match_all": {} },
  "size": 1
}
Note that if size is not specified, the default is 10.
This example executes match_all and returns documents 11 through 20:
GET /bank/_search
{
  "query": { "match_all": {} },
  "from": 10,
  "size": 10
}
The from parameter (0-based) specifies which document index to start from, and the size parameter specifies how many documents to return starting at the from parameter. This feature is useful when you implement paging of search results. Note that if from is not specified, it defaults to 0.
This example executes match_all, sorts the results by account balance in descending order, and returns the top 10 (default size) documents.
GET /bank/_search
{
  "query": { "match_all": {} },
  "sort": { "balance": { "order": "desc" } }
}
Perform a search
Now that we’ve seen some basic search parameters, let’s take a closer look at the query DSL. Let’s first look at the returned document fields. By default, the full JSON document is returned as part of every search. This is called the source (the _source field in the search hits). If we do not want the entire source document returned, we can request that only a few fields from the source be returned.
This example shows how to return two fields account_number and balance (inside _source) from a search:
GET /bank/_search
{
  "query": { "match_all": {} },
  "_source": ["account_number", "balance"]
}
Note that the above example simply reduces the _source field. It still only returns a field named _source, but contains only the fields account_number and balance within it.
If you have a background in SQL technology, the above is conceptually similar to the SQL SELECT FROM field list.
Now let’s look at the query section. Previously, we saw how to use the match_all query to match all documents. Now let’s introduce a new query called the match query, which you can think of as a basic fielded search query (that is, a search against a specific field or set of fields). This example returns the account numbered 20:
GET /bank/_search
{
  "query": { "match": { "account_number": 20 } }
}
This example returns all accounts that have the term “mill” in their address:
GET /bank/_search
{
  "query": { "match": { "address": "mill" } }
}
This example returns all accounts that have the term “mill” or “lane” in their address:
GET /bank/_search
{
  "query": { "match": { "address": "mill lane" } }
}
This example uses a variant of match (match_phrase) and returns all accounts that contain the phrase “mill lane” in the address:
GET /bank/_search
{
  "query": { "match_phrase": { "address": "mill lane" } }
}
Now let’s introduce the bool query. The bool query allows us to combine smaller queries into larger queries using Boolean logic.
This example consists of two match queries and returns all accounts containing “mill” and “lane” in the address:
GET /bank/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "address": "mill" } },
        { "match": { "address": "lane" } }
      ]
    }
  }
}
In the example above, the bool must clause specifies all the queries that must be true for a document to be considered a match.
In contrast, this example consists of two match queries and returns all accounts whose addresses contain “mill” or “lane”:
GET /bank/_search
{
  "query": {
    "bool": {
      "should": [
        { "match": { "address": "mill" } },
        { "match": { "address": "lane" } }
      ]
    }
  }
}
In the example above, the bool should clause specifies a list of queries, at least one of which must be true for a document to be considered a match.
This example consists of two match queries and returns all accounts that have neither “mill” nor “lane” in their address:
GET /bank/_search
{
  "query": {
    "bool": {
      "must_not": [
        { "match": { "address": "mill" } },
        { "match": { "address": "lane" } }
      ]
    }
  }
}
In the example above, the bool must_not clause specifies a list of queries, none of which may be true for a document to be considered a match.
We can use the must, should and must_not clauses together in a single bool query. In addition, we can combine bool queries in any of these bool clauses to simulate any complex multi-level Boolean logic.
This example returns all accounts of people who are 40 years old but whose state is not ID:
GET /bank/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "age": "40" } }
      ],
      "must_not": [
        { "match": { "state": "ID" } }
      ]
    }
  }
}