Easy Search
There are two forms of the search API: a "simple" query string version, which defines all of its parameters through the query string, and another that uses a full JSON representation in the request body. This rich search language is called structured query statements (DSL).
Query string search is particularly useful for running ad hoc queries from the command line. For example, this statement finds all documents of type tweet that contain the word elasticsearch in the tweet field:
GET /_all/tweet/_search?q=tweet:elasticsearch
The next statement finds documents that contain "john" in the name field and "mary" in the tweet field. The actual query requires only:
+name:john +tweet:mary
But percent encoding (translator's note: URL encoding) makes the query string parameter more cryptic:
GET /_search?q=%2Bname%3Ajohn+%2Btweet%3Amary
The "+" prefix indicates a condition that must be satisfied for the query to match. Similarly, a "-" prefix indicates a condition that must not be satisfied. All conditions without a + or - are optional: the more of them that match, the more relevant the document.
The _all field
This simple search returns all documents that contain "mary":
GET /_search?q=mary
In the previous examples, we searched for words in the tweet or name fields. However, the results returned by this statement contain "mary" in three different fields:
- The user's name is "Mary"
- Six tweets from "Mary"
- A tweet for "@mary"
How did Elasticsearch manage to find results in three different fields?
When you index a document, Elasticsearch concatenates all of its string field values into one large string, which it indexes as the special _all field. For example, when indexing this document:
{ "tweet": "However did I manage before Elasticsearch?", "date": "2014-09-14", "name": "Mary Jones", "user_id": 1}
It's as if we had added an extra field called _all with this value:
"However did I manage before Elasticsearch? 2014-09-14 Mary Jones 1"
Query string search uses the _all field unless another field name has been specified.
More complex statements
The next query searches for tweets that meet these criteria:
- The name field contains "mary" or "john"
- The date is later than 2014-09-10
- The _all field contains "aggregations" or "geo"
+name:(mary john) +date:>2014-09-10 +(aggregations geo)
The encoded query string becomes less easy to read:
?q=%2Bname%3A(mary+john)+%2Bdate%3A%3E2014-09-10+%2B(aggregations+geo)
As you can see above, the simple (lite) query string search is surprisingly powerful. Its query syntax, described in the "Query String Syntax" section of the reference documentation, allows us to express complex queries concisely. This is useful for one-off queries from the command line or during development.
However, you can also see that this brevity makes queries cryptic and difficult to debug. And it's fragile: a small syntax error in the query string, such as a misplaced -, :, /, or ", results in an error being returned instead of results.
Finally, query string search allows any user to run potentially slow query statements on any of the fields in the index, potentially exposing private information or even crippling your cluster.
PS: For these reasons, we do not recommend directly exposing query string searches to users unless these users are trusted with your data and clusters.
Instead, we generally rely on the full-featured request body search API, which can do all of the above and more. Before we get to know it, we first need to look at how data is indexed in Elasticsearch.
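One way to limit the fragility and exposure described above, for the case where a lite query is still assembled server-side from user input: restrict the searchable fields and escape the reserved characters of the query string syntax so that input stays literal. This is an added example, not code from the original article or from Elasticsearch; the field allow-list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import quote_plus

# Assumption: only these fields may be searched by end users (hypothetical allow-list).
ALLOWED_FIELDS = {"name", "tweet"}

# Reserved characters of the query string syntax; a backslash makes them literal.
_RESERVED = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/])')
# Operators are recognised only in upper case, so lower-casing turns them into plain words.
_OPERATORS = {"AND", "OR", "NOT", "TO"}


def escape_word(word: str) -> str:
    """Turn one user-supplied word into a literal search term."""
    word = word.replace("<", "").replace(">", "")  # these two cannot be escaped, only removed
    if word in _OPERATORS:
        return word.lower()
    return _RESERVED.sub(r"\\\1", word)


def build_lite_query(criteria: dict) -> str:
    """Build '+field:(w1 w2) ...'; every field is required, as in the examples above."""
    clauses = []
    for field, text in criteria.items():
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"field not searchable: {field!r}")
        words = [w for w in (escape_word(w) for w in text.split()) if w]
        if not words:
            continue
        body = words[0] if len(words) == 1 else "(" + " ".join(words) + ")"
        clauses.append(f"+{field}:{body}")
    if not clauses:
        raise ValueError("nothing to search for")
    return " ".join(clauses)


def search_path(criteria: dict) -> str:
    """Percent-encode the query for use as the q parameter."""
    return "/_search?q=" + quote_plus(build_lite_query(criteria), safe="()")
```

With the input {"name": "john", "tweet": "mary"} this reproduces the encoded request shown earlier, while a word such as +user_id:1 typed by a user is searched as text instead of becoming a new field condition.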
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.