Elasticsearch in action

Wednesday, 05/02/2020

Tram Ho

What is Elasticsearch?

Full-text search engine.
NoSQL database.
Analytics engine.
Written in Java .
Lucence based.
Inverted indices.
Easy to scale
RESTful interface (HTTP / JSON)
” Schemaless “ .
Real-time .
ELK stack.

Download Elasticseach.

This article uses Elastichsearch 7.5

https://www.elastic.co/downloads/elasticsearch
After downloading and installing, run Elasticsearch,
You can point your browser to http: // localhost: 9200 (or use curl, I prefer curl) to check that elasticsearch has run successfully, and here is the result:

<span class="token punctuation">{</span>
  <span class="token property">"name"</span> <span class="token operator">:</span> <span class="token string">"DESKTOP-IH6ABIE"</span> <span class="token punctuation">,</span>
  <span class="token property">"cluster_name"</span> <span class="token operator">:</span> <span class="token string">"elasticsearch"</span> <span class="token punctuation">,</span>
  <span class="token property">"cluster_uuid"</span> <span class="token operator">:</span> <span class="token string">"m2jnECTRSkyYi6qFD0rNMA"</span> <span class="token punctuation">,</span>
  <span class="token property">"version"</span> <span class="token operator">:</span> <span class="token punctuation">{</span>
    <span class="token property">"number"</span> <span class="token operator">:</span> <span class="token string">"7.5.2"</span> <span class="token punctuation">,</span>
    <span class="token property">"build_flavor"</span> <span class="token operator">:</span> <span class="token string">"default"</span> <span class="token punctuation">,</span>
    <span class="token property">"build_type"</span> <span class="token operator">:</span> <span class="token string">"tar"</span> <span class="token punctuation">,</span>
    <span class="token property">"build_hash"</span> <span class="token operator">:</span> <span class="token string">"8bec50e1e0ad29dad5653712cf3bb580cd1afcdf"</span> <span class="token punctuation">,</span>
    <span class="token property">"build_date"</span> <span class="token operator">:</span> <span class="token string">"2020-01-15T12:11:52.313576Z"</span> <span class="token punctuation">,</span>
    <span class="token property">"build_snapshot"</span> <span class="token operator">:</span> <span class="token boolean">false</span> <span class="token punctuation">,</span>
    <span class="token property">"lucene_version"</span> <span class="token operator">:</span> <span class="token string">"8.3.0"</span> <span class="token punctuation">,</span>
    <span class="token property">"minimum_wire_compatibility_version"</span> <span class="token operator">:</span> <span class="token string">"6.8.0"</span> <span class="token punctuation">,</span>
    <span class="token property">"minimum_index_compatibility_version"</span> <span class="token operator">:</span> <span class="token string">"6.0.0-beta1"</span>
  <span class="token punctuation">}</span> <span class="token punctuation">,</span>
  <span class="token property">"tagline"</span> <span class="token operator">:</span> <span class="token string">"You Know, for Search"</span>
<span class="token punctuation">}</span>

{

"name" : "DESKTOP-IH6ABIE" ,

"cluster_name" : "elasticsearch" ,

"cluster_uuid" : "m2jnECTRSkyYi6qFD0rNMA" ,

"version" : {

"number" : "7.5.2" ,

"build_flavor" : "default" ,

"build_type" : "tar" ,

"build_hash" : "8bec50e1e0ad29dad5653712cf3bb580cd1afcdf" ,

"build_date" : "2020-01-15T12:11:52.313576Z" ,

"build_snapshot" : false ,

"lucene_version" : "8.3.0" ,

"minimum_wire_compatibility_version" : "6.8.0" ,

"minimum_index_compatibility_version" : "6.0.0-beta1"

} ,

"tagline" : "You Know, for Search"

}

Some concepts.

If compared to a relational database ( RDBMS ), the following terms can be interpreted as equivalent.

RDBMS	Elasticsearch
Database	Index
Table	Type
Row	Document

Index.

To create a database (or in Elasticseach, called Index ) we use the PUT method to name the database, for example, create an index post :

<span class="token comment"># REQUEST</span>
<span class="token constant">PUT</span> <span class="token operator">/</span> post

<span class="token comment"># RESPONSE</span>
<span class="token punctuation">{</span>
    <span class="token string">"acknowledged"</span> <span class="token punctuation">:</span> <span class="token keyword">true</span> <span class="token punctuation">,</span>
    <span class="token string">"shards_acknowledged"</span> <span class="token punctuation">:</span> <span class="token keyword">true</span> <span class="token punctuation">,</span>
    <span class="token string">"index"</span> <span class="token punctuation">:</span> <span class="token string">"post"</span>
<span class="token punctuation">}</span>

# REQUEST

PUT / post

# RESPONSE

{

"acknowledged" : true ,

"shards_acknowledged" : true ,

"index" : "post"

}

Document.

To create a document, just pass a json , and assign it an id

<span class="token comment"># REQUEST</span>
<span class="token constant">PUT</span> <span class="token operator">/</span> post <span class="token operator">/</span> _doc <span class="token operator">/</span> <span class="token number">1</span>
<span class="token punctuation">{</span>
	<span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en-US"</span> <span class="token punctuation">,</span>
	<span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"Learn Elasticsearch"</span> <span class="token punctuation">,</span>
	<span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token string">"2020-02-04"</span> <span class="token punctuation">,</span>
	<span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token string">"Me!"</span>
<span class="token punctuation">}</span>

<span class="token comment"># RESPONSE</span>
<span class="token punctuation">{</span>
    <span class="token string">"_index"</span> <span class="token punctuation">:</span> <span class="token string">"post"</span> <span class="token punctuation">,</span>
    <span class="token string">"_type"</span> <span class="token punctuation">:</span> <span class="token string">"_doc"</span> <span class="token punctuation">,</span>
    <span class="token string">"_id"</span> <span class="token punctuation">:</span> <span class="token string">"1"</span> <span class="token punctuation">,</span>
    <span class="token string">"_version"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
    <span class="token string">"result"</span> <span class="token punctuation">:</span> <span class="token string">"created"</span> <span class="token punctuation">,</span>
    <span class="token string">"_shards"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"total"</span> <span class="token punctuation">:</span> <span class="token number">2</span> <span class="token punctuation">,</span>
        <span class="token string">"successful"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
        <span class="token string">"failed"</span> <span class="token punctuation">:</span> <span class="token number">0</span>
    <span class="token punctuation">}</span> <span class="token punctuation">,</span>
    <span class="token string">"_seq_no"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
    <span class="token string">"_primary_term"</span> <span class="token punctuation">:</span> <span class="token number">1</span>
<span class="token punctuation">}</span>

# REQUEST

PUT / post / _doc / 1

{

"language" : "en-US" ,

"title" : "Learn Elasticsearch" ,

"date" : "2020-02-04" ,

"author" : "Me!"

}

# RESPONSE

{

"_index" : "post" ,

"_type" : "_doc" ,

"_id" : "1" ,

"_version" : 1 ,

"result" : "created" ,

"_shards" : {

"total" : 2 ,

"successful" : 1 ,

"failed" : 0

} ,

"_seq_no" : 0 ,

"_primary_term" : 1

}

In the above request, post is the name of the index, doc is the type, 1 is the id.
Say a little more about the type , in Elasticsearch whenever document is saved, there will be 1 index and a mapping type corresponds, for example index twitter type user and tweet , each type can have separate field, user have user_name, email, also tweet content, tweeted_at and also user_name .
(To create a document we do the same: PUT /twitter/user/1 , PUT /twitter/tweet/1

In Elasticsearch, people often see index as database in SQL database, and type is similar to table , this is a bad equivalent and leads to many bad consequences. In SQL database the table are independent, two fields with the same name in two different table are not related to each other. But in Elasticsearch it is not the same, they are supported by an internal Lucence field. This has led to some negative consequences. There are 2 alternatives:

Each type, we give a separate index.
Or custome type.

Therefore, from Elasticsearch 7.x, specifying the type in the indexing API is no longer needed. From Elasticsearch 8, type declarations in the API will not be supported. See details at: https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html

Returning to the example, after the post created, we can retrieve it by the GET method

<span class="token comment"># REQUEST</span>
<span class="token constant">GET</span> <span class="token operator">/</span> post <span class="token operator">/</span> _doc <span class="token operator">/</span> <span class="token number">1</span>

<span class="token comment"># RESPONSE</span>
<span class="token punctuation">{</span>
	<span class="token string">"_index"</span> <span class="token punctuation">:</span> <span class="token string">"post"</span> <span class="token punctuation">,</span>
	<span class="token string">"_type"</span> <span class="token punctuation">:</span> <span class="token string">"_doc"</span> <span class="token punctuation">,</span>
	<span class="token string">"_id"</span> <span class="token punctuation">:</span> <span class="token string">"1"</span> <span class="token punctuation">,</span>
	<span class="token string">"_version"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
	<span class="token string">"_seq_no"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
	<span class="token string">"_primary_term"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
	<span class="token string">"found"</span> <span class="token punctuation">:</span> <span class="token keyword">true</span> <span class="token punctuation">,</span>
	<span class="token string">"_source"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
		<span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en-US"</span> <span class="token punctuation">,</span>
		<span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"Learn Elasticsearch"</span> <span class="token punctuation">,</span>
		<span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token string">"Fri, 09 Dec 2019 09:30:27 +0000"</span>
		<span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token string">"Me!"</span>
	<span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# REQUEST

GET / post / _doc / 1

# RESPONSE

{

"_index" : "post" ,

"_type" : "_doc" ,

"_id" : "1" ,

"_version" : 1 ,

"_seq_no" : 0 ,

"_primary_term" : 1 ,

"found" : true ,

"_source" : {

"language" : "en-US" ,

"title" : "Learn Elasticsearch" ,

"date" : "Fri, 09 Dec 2019 09:30:27 +0000"

"author" : "Me!"

}

Mapping.

The first article I mentioned is Elasticsearch schemaless , actually not so. Check the mapping of the index post in the previous example:

<span class="token comment"># REQUEST</span>
<span class="token constant">GET</span> post <span class="token operator">/</span> _mapping

<span class="token comment"># RESPONSE</span>
<span class="token punctuation">{</span>
    <span class="token string">"post"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"mappings"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"properties"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span> <span class="token punctuation">,</span>
                    <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                        <span class="token string">"keyword"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                            <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span> <span class="token punctuation">,</span>
                            <span class="token string">"ignore_above"</span> <span class="token punctuation">:</span> <span class="token number">256</span>
                        <span class="token punctuation">}</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span> <span class="token punctuation">,</span>
                    <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                        <span class="token string">"keyword"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                            <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span> <span class="token punctuation">,</span>
                            <span class="token string">"ignore_above"</span> <span class="token punctuation">:</span> <span class="token number">256</span>
                        <span class="token punctuation">}</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span> <span class="token punctuation">,</span>
                    <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                        <span class="token string">"keyword"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                            <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span> <span class="token punctuation">,</span>
                            <span class="token string">"ignore_above"</span> <span class="token punctuation">:</span> <span class="token number">256</span>
                        <span class="token punctuation">}</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span> <span class="token punctuation">,</span>
                    <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                        <span class="token string">"keyword"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                            <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span> <span class="token punctuation">,</span>
                            <span class="token string">"ignore_above"</span> <span class="token punctuation">:</span> <span class="token number">256</span>
                        <span class="token punctuation">}</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# REQUEST

GET post / _mapping

# RESPONSE

{

"post" : {

"mappings" : {

"properties" : {

"author" : {

"type" : "text" ,

"fields" : {

"keyword" : {

"type" : "keyword" ,

"ignore_above" : 256

}

} ,

"date" : {

"type" : "text" ,

"fields" : {

"keyword" : {

"type" : "keyword" ,

"ignore_above" : 256

}

} ,

"language" : {

"type" : "text" ,

"fields" : {

"keyword" : {

"type" : "keyword" ,

"ignore_above" : 256

}

} ,

"title" : {

"type" : "text" ,

"fields" : {

"keyword" : {

"type" : "keyword" ,

"ignore_above" : 256

}

( text: analyzed, keyword: nonanalyzed )

We see that all are text, if not specified then Elasticsearch will guess the data type for us.
This is not very good, for example, fields that need a date / time or numeric type will be treated as text.
We manually mapped at the time of creating Index as follows, just pass json on:

<span class="token comment"># REQUEST</span>
<span class="token constant">PUT</span> <span class="token operator">/</span> post
<span class="token punctuation">{</span>
    <span class="token string">"mappings"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"properties"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span>
			<span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            	<span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"date"</span> <span class="token punctuation">,</span>
                <span class="token string">"format"</span> <span class="token punctuation">:</span> <span class="token string">"E, dd MMM yyyy HH:mm:ss Z"</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span>
            <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# REQUEST

PUT / post

{

"mappings" : {

"properties" : {

"author" : {

"type" : "keyword"

} ,

"date" : {

"type" : "date" ,

"format" : "E, dd MMM yyyy HH:mm:ss Z"

} ,

"language" : {

"type" : "keyword"

} ,

"title" : {

"type" : "text"

}

Analyzers.

First, see request mapping later (same as above), when declaring analyzer for title field.

<span class="token comment"># REQUEST</span>
<span class="token constant">PUT</span> <span class="token operator">/</span> post
<span class="token punctuation">{</span>
    <span class="token string">"mappings"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"properties"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"date"</span> <span class="token punctuation">,</span>
                <span class="token string">"format"</span> <span class="token punctuation">:</span> <span class="token string">"yyyy-MM-dd"</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span> <span class="token punctuation">,</span>
                <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"english"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span> 
                        <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"text"</span> <span class="token punctuation">,</span>
                        <span class="token string">"analyzer"</span> <span class="token punctuation">:</span> <span class="token string">"english"</span>
                    <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                    <span class="token string">"raw"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                        <span class="token string">"type"</span> <span class="token punctuation">:</span> <span class="token string">"keyword"</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# REQUEST

PUT / post

{

"mappings" : {

"properties" : {

"author" : {

"type" : "keyword"

} ,

"date" : {

"type" : "date" ,

"format" : "yyyy-MM-dd"

} ,

"language" : {

"type" : "keyword"

} ,

"title" : {

"type" : "text" ,

"fields" : {

"english" : {

"type" : "text" ,

"analyzer" : "english"

} ,

"raw" : {

"type" : "keyword"

}

What is analyzer ?
Analyzer vs non-analyzer <=> Full-text vs exact value
Analyzer usually has the steps:

Character filter. (replace character)
Tokenizer. (Breaking text into terms)
Token filters. (Add / delete / correct tokens)

See the Elasticsearch built-in analyzer here https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-analyzers.html
Anlyzer example:

Hey man, how are you doing?

Whitespace analyzer: Hey | man, | how | are | you | doing? |
English analyzer: hei | man | how | you | do |

Test the newly created analyzer as follows

<span class="token constant">GET</span> post <span class="token operator">/</span> _analyze 
<span class="token punctuation">{</span>
  <span class="token string">"field"</span> <span class="token punctuation">:</span> <span class="token string">"title.english"</span> <span class="token punctuation">,</span>
  <span class="token string">"text"</span> <span class="token punctuation">:</span> <span class="token string">"Hey man, how are you doing?"</span>
<span class="token punctuation">}</span>
 <span class="token comment"># trả về hei man how you do</span>
<span class="token constant">GET</span> post <span class="token operator">/</span> _analyze 
<span class="token punctuation">{</span>
  <span class="token string">"field"</span> <span class="token punctuation">:</span> <span class="token string">"text.raw"</span> <span class="token punctuation">,</span>
  <span class="token string">"text"</span> <span class="token punctuation">:</span> <span class="token string">"Hey man, how are you doing?"</span>
<span class="token punctuation">}</span>
<span class="token comment"># trả về như cũ</span>

GET post / _analyze

{

"field" : "title.english" ,

"text" : "Hey man, how are you doing?"

}

# trả về hei man how you do

GET post / _analyze

{

"field" : "text.raw" ,

"text" : "Hey man, how are you doing?"

}

# trả về như cũ

Perform a search, assuming there are many documents, you search from working

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search
<span class="token punctuation">{</span>
    <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"multi_match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token string">"working"</span> <span class="token punctuation">,</span>
            <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span> <span class="token string">"title.raw"</span> <span class="token punctuation">]</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token comment"># trả về đúng những title chứa working</span>

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search
<span class="token punctuation">{</span>
    <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"multi_match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token string">"working"</span> <span class="token punctuation">,</span>
            <span class="token string">"fields"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span> <span class="token string">"title.english"</span> <span class="token punctuation">]</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token comment"># trả về cả nhưng title chứa work, working, working?, .....</span>

POST / post / _search

{

"query" : {

"multi_match" : {

"query" : "working" ,

"fields" : [ "title.raw" ]

}

# trả về đúng những title chứa working

POST / post / _search

{

"query" : {

"multi_match" : {

"query" : "working" ,

"fields" : [ "title.english" ]

}

# trả về cả nhưng title chứa work, working, working?, .....

Search

First, import this data set into https://gist.githubusercontent.com/lumosnysm/664e4b76c81eacefaa515c7c1133823c/raw/ebbd60808a868bc3626497d77e3f984747dfd9bb/post.json

curl <span class="token operator">-</span> <span class="token constant">H</span> <span class="token string">"Content-Type: application/json"</span> <span class="token operator">-</span> <span class="token constant">XPOST</span> <span class="token string">"localhost:9200/post/_bulk?pretty&amp;refresh"</span> <span class="token operator">--</span> data <span class="token operator">-</span> binary <span class="token string">"@post.json"</span>

curl - H "Content-Type: application/json" - XPOST "localhost:9200/post/_bulk?pretty&refresh" -- data - binary "@post.json"

To retrieve the entire document, use the GET method:
The results returned are paginated as follows

<span class="token constant">GET</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search <span class="token operator">?</span> pretty

<span class="token comment"># RESPONSE</span>
<span class="token punctuation">{</span>
  <span class="token string">"took"</span> <span class="token punctuation">:</span> <span class="token number">13</span> <span class="token punctuation">,</span>
  <span class="token string">"timed_out"</span> <span class="token punctuation">:</span> <span class="token keyword">false</span> <span class="token punctuation">,</span>
  <span class="token string">"_shards"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"total"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
    <span class="token string">"successful"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
    <span class="token string">"skipped"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
    <span class="token string">"failed"</span> <span class="token punctuation">:</span> <span class="token number">0</span>
  <span class="token punctuation">}</span> <span class="token punctuation">,</span>
  <span class="token string">"hits"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"total"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"value"</span> <span class="token punctuation">:</span> <span class="token number">963</span> <span class="token punctuation">,</span>
      <span class="token string">"relation"</span> <span class="token punctuation">:</span> <span class="token string">"eq"</span>
    <span class="token punctuation">}</span> <span class="token punctuation">,</span>
    <span class="token string">"max_score"</span> <span class="token punctuation">:</span> <span class="token number">1.0</span> <span class="token punctuation">,</span>
    <span class="token string">"hits"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
      <span class="token punctuation">{</span>
        <span class="token string">"_index"</span> <span class="token punctuation">:</span> <span class="token string">"post"</span> <span class="token punctuation">,</span>
        <span class="token string">"_type"</span> <span class="token punctuation">:</span> <span class="token string">"_doc"</span> <span class="token punctuation">,</span>
        <span class="token string">"_id"</span> <span class="token punctuation">:</span> <span class="token string">"6581"</span> <span class="token punctuation">,</span>
        <span class="token string">"_score"</span> <span class="token punctuation">:</span> <span class="token number">1.0</span> <span class="token punctuation">,</span>
        <span class="token string">"_source"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
          <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en"</span> <span class="token punctuation">,</span>
          <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"Combell won the Twinkle Award in the “Hosting &amp; Domain” category!"</span> <span class="token punctuation">,</span>
          <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token string">"Fri, 09 Dec 2016 09:30:27 +0000"</span> <span class="token punctuation">,</span>
          <span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token string">"Combell"</span> <span class="token punctuation">,</span>
          <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
            <span class="token string">"Combell news"</span> <span class="token punctuation">,</span>
            <span class="token string">"award"</span> <span class="token punctuation">,</span>
            <span class="token string">"awards"</span> <span class="token punctuation">,</span>
            <span class="token string">"Combell"</span> <span class="token punctuation">,</span>
            <span class="token string">"twinkle"</span>
          <span class="token punctuation">]</span> <span class="token punctuation">,</span>
          <span class="token string">"guid"</span> <span class="token punctuation">:</span> <span class="token string">"6581"</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">}</span> <span class="token punctuation">,</span>
      <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>
      <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>

GET / post / _search ? pretty

# RESPONSE

{

"took" : 13 ,

"timed_out" : false ,

"_shards" : {

"total" : 1 ,

"successful" : 1 ,

"skipped" : 0 ,

"failed" : 0

} ,

"hits" : {

"total" : {

"value" : 963 ,

"relation" : "eq"

} ,

"max_score" : 1.0 ,

"hits" : [

{

"_index" : "post" ,

"_type" : "_doc" ,

"_id" : "6581" ,

"_score" : 1.0 ,

"_source" : {

"language" : "en" ,

"title" : "Combell won the Twinkle Award in the “Hosting & Domain” category!" ,

"date" : "Fri, 09 Dec 2016 09:30:27 +0000" ,

"author" : "Combell" ,

"category" : [

"Combell news" ,

"award" ,

"awards" ,

"Combell" ,

"twinkle"

] ,

"guid" : "6581"

}

} ,

. . . . . .

or you can use POST and pass it to the json, the results are identical

<span class="token constant">POST</span> <span class="token operator">/</span> bank <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
	<span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
		<span class="token string">"match_all"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span> <span class="token punctuation">}</span>
	<span class="token punctuation">}</span>
<span class="token punctuation">}</span>

POST / bank / _search ? pretty

{

"query" : {

"match_all" : { }

}

similar 2 ways below are equivalent

<span class="token comment"># lấy tất cả post có author "Combell"</span>
<span class="token constant">GET</span> bank <span class="token operator">/</span> _search <span class="token operator">?</span> pretty <span class="token operator">&amp;</span> q <span class="token operator">=</span> author <span class="token symbol">:Combell</span>

<span class="token constant">POST</span> bank <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
	<span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
		<span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
			<span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token string">"Combell"</span>
		<span class="token punctuation">}</span>
	<span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# lấy tất cả post có author "Combell"

GET bank / _search ? pretty & q = author :Combell

POST bank / _search ? pretty

{

"query" : {

"match" : {

"author" : "Combell"

}

To count documents, we use count

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _count
<span class="token punctuation">{</span>
	<span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
		<span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
			<span class="token string">"filter"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
				<span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
					<span class="token string">"title.raw"</span> <span class="token punctuation">:</span> <span class="token string">"Combell won the Twinkle Award in the “Hosting &amp; Domain” category!"</span>
				<span class="token punctuation">}</span>
			<span class="token punctuation">}</span>
		<span class="token punctuation">}</span>
	<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token comment"># trả về 1 do search raw sẽ tìm theo chính xác cả câu</span>

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _count
<span class="token punctuation">{</span>
	<span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
		<span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
			<span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"Combell won the Twinkle Award in the “Hosting &amp; Domain” category!"</span>
		<span class="token punctuation">}</span>
	<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token comment"># trả về 546 do search full-text nên tìm theo từng từ</span>

POST / post / _count

{

"query" : {

"bool" : {

"filter" : {

"term" : {

"title.raw" : "Combell won the Twinkle Award in the “Hosting & Domain” category!"

}

# trả về 1 do search raw sẽ tìm theo chính xác cả câu

POST / post / _count

{

"query" : {

"match" : {

"title" : "Combell won the Twinkle Award in the “Hosting & Domain” category!"

}

# trả về 546 do search full-text nên tìm theo từng từ

Filter and Query

Filter :

Does the document match? (Yes or no).
Not interested in relevance.
Fast and cache.
Used for non-analyzed fields (as above, I have to be raw).

Query :

Is the matched document good?
Full-text search.
Use for analyzed school.

Example of using filter :

<span class="token comment"># tìm theo nhiều id</span>
<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search
<span class="token punctuation">{</span>
  <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"filter"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"ids"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
          <span class="token string">"values"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span> <span class="token number">6515</span> <span class="token punctuation">,</span> <span class="token number">6581</span> <span class="token punctuation">,</span> <span class="token number">6690</span> <span class="token punctuation">]</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# tìm theo nhiều id

POST / post / _search

{

"query" : {

"bool" : {

"filter" : {

"ids" : {

"values" : [ 6515 , 6581 , 6690 ]

}

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search
<span class="token punctuation">{</span>
  <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"filter"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
          <span class="token string">"must"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
            <span class="token punctuation">{</span>
              <span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en"</span>
              <span class="token punctuation">}</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token punctuation">{</span>
              <span class="token string">"range"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                  <span class="token string">"gte"</span> <span class="token punctuation">:</span> <span class="token string">"2016-01-01"</span> <span class="token punctuation">,</span>
                  <span class="token string">"format"</span> <span class="token punctuation">:</span> <span class="token string">"yyyy-MM-dd"</span>
                <span class="token punctuation">}</span>
              <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
          <span class="token punctuation">]</span> <span class="token punctuation">,</span>
          <span class="token string">"must_not"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
            <span class="token punctuation">{</span>
              <span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token string">"joomla"</span>
              <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
          <span class="token punctuation">]</span> <span class="token punctuation">,</span>
          <span class="token string">"should"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
            <span class="token punctuation">{</span>
              <span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token string">"Hosting"</span>
              <span class="token punctuation">}</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token punctuation">{</span>
              <span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token string">"evangelist"</span>
              <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
          <span class="token punctuation">]</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

POST / post / _search

{

"query" : {

"bool" : {

"filter" : {

"bool" : {

"must" : [

{

"term" : {

"language" : "en"

}

} ,

{

"range" : {

"date" : {

"gte" : "2016-01-01" ,

"format" : "yyyy-MM-dd"

}

] ,

"must_not" : [

{

"term" : {

"category" : "joomla"

}

] ,

"should" : [

{

"term" : {

"category" : "Hosting"

}

} ,

{

"term" : {

"category" : "evangelist"

}

]

}

I have to use must , must_not , should .
Can be understood simply: must be AND , must_not is NOT , and should be OR .

Relevance

See the following example using query

<span class="token comment"># tìm các post có title 'good news' và language là english</span>
<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
  <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"must"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token punctuation">{</span>
          <span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"good news"</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span> <span class="token punctuation">,</span>
        <span class="token punctuation">{</span>
          <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"filter"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
              <span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en"</span>
              <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">]</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

<span class="token comment"># RESPONSE</span>
<span class="token punctuation">{</span>
    <span class="token string">"took"</span> <span class="token punctuation">:</span> <span class="token number">9</span> <span class="token punctuation">,</span>
    <span class="token string">"timed_out"</span> <span class="token punctuation">:</span> <span class="token keyword">false</span> <span class="token punctuation">,</span>
    <span class="token string">"_shards"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"total"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
        <span class="token string">"successful"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
        <span class="token string">"skipped"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
        <span class="token string">"failed"</span> <span class="token punctuation">:</span> <span class="token number">0</span>
    <span class="token punctuation">}</span> <span class="token punctuation">,</span>
    <span class="token string">"hits"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"total"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"value"</span> <span class="token punctuation">:</span> <span class="token number">8</span> <span class="token punctuation">,</span>
            <span class="token string">"relation"</span> <span class="token punctuation">:</span> <span class="token string">"eq"</span>
        <span class="token punctuation">}</span> <span class="token punctuation">,</span>
        <span class="token string">"max_score"</span> <span class="token punctuation">:</span> <span class="token number">9.71229</span> <span class="token punctuation">,</span>
        <span class="token string">"hits"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
            <span class="token punctuation">{</span>
                <span class="token string">"_index"</span> <span class="token punctuation">:</span> <span class="token string">"post"</span> <span class="token punctuation">,</span>
                <span class="token string">"_type"</span> <span class="token punctuation">:</span> <span class="token string">"_doc"</span> <span class="token punctuation">,</span>
                <span class="token string">"_id"</span> <span class="token punctuation">:</span> <span class="token string">"3707"</span> <span class="token punctuation">,</span>
                <span class="token string">"_score"</span> <span class="token punctuation">:</span> <span class="token number">9.71229</span> <span class="token punctuation">,</span>
                <span class="token string">"_source"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en"</span> <span class="token punctuation">,</span>
                    <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"Good news for you and your Exchange mailbox with Combell"</span> <span class="token punctuation">,</span>
                    <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token string">"Mon, 16 Dec 2013 13:30:55 +0000"</span> <span class="token punctuation">,</span>
                    <span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token string">"Romy"</span> <span class="token punctuation">,</span>
                    <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
                        <span class="token string">"News"</span>
                    <span class="token punctuation">]</span> <span class="token punctuation">,</span>
                    <span class="token string">"guid"</span> <span class="token punctuation">:</span> <span class="token string">"3707"</span>
                <span class="token punctuation">}</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token punctuation">{</span>
                <span class="token string">"_index"</span> <span class="token punctuation">:</span> <span class="token string">"post"</span> <span class="token punctuation">,</span>
                <span class="token string">"_type"</span> <span class="token punctuation">:</span> <span class="token string">"_doc"</span> <span class="token punctuation">,</span>
                <span class="token string">"_id"</span> <span class="token punctuation">:</span> <span class="token string">"5895"</span> <span class="token punctuation">,</span>
                <span class="token string">"_score"</span> <span class="token punctuation">:</span> <span class="token number">4.979878</span> <span class="token punctuation">,</span>
                <span class="token string">"_source"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                    <span class="token string">"language"</span> <span class="token punctuation">:</span> <span class="token string">"en"</span> <span class="token punctuation">,</span>
                    <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"Apple.news: where iOS 9’s News app is to be found"</span> <span class="token punctuation">,</span>
                    <span class="token string">"date"</span> <span class="token punctuation">:</span> <span class="token string">"Fri, 25 Sep 2015 09:56:41 +0000"</span> <span class="token punctuation">,</span>
                    <span class="token string">"author"</span> <span class="token punctuation">:</span> <span class="token string">"Romy"</span> <span class="token punctuation">,</span>
                    <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
                        <span class="token string">"Combell news"</span> <span class="token punctuation">,</span>
                        <span class="token string">"Domain names"</span> <span class="token punctuation">,</span>
                        <span class="token string">"News"</span> <span class="token punctuation">,</span>
                        <span class="token string">"Sector news"</span> <span class="token punctuation">,</span>
                        <span class="token string">".movie"</span> <span class="token punctuation">,</span>
                        <span class="token string">".news"</span> <span class="token punctuation">,</span>
                        <span class="token string">".xyz"</span> <span class="token punctuation">,</span>
                        <span class="token string">"Apple"</span> <span class="token punctuation">,</span>
                        <span class="token string">"apps"</span> <span class="token punctuation">,</span>
                        <span class="token string">"new domain names"</span> <span class="token punctuation">,</span>
                        <span class="token string">"new tld"</span>
                    <span class="token punctuation">]</span> <span class="token punctuation">,</span>
                    <span class="token string">"guid"</span> <span class="token punctuation">:</span> <span class="token string">"5895"</span>
                <span class="token punctuation">}</span>
            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
            <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>
            <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>

# tìm các post có title 'good news' và language là english

POST / post / _search ? pretty

{

"query" : {

"bool" : {

"must" : [

{

"match" : {

"title" : "good news"

}

} ,

{

"bool" : {

"filter" : {

"term" : {

"language" : "en"

}

]

}

# RESPONSE

{

"took" : 9 ,

"timed_out" : false ,

"_shards" : {

"total" : 1 ,

"successful" : 1 ,

"skipped" : 0 ,

"failed" : 0

} ,

"hits" : {

"total" : {

"value" : 8 ,

"relation" : "eq"

} ,

"max_score" : 9.71229 ,

"hits" : [

{

"_index" : "post" ,

"_type" : "_doc" ,

"_id" : "3707" ,

"_score" : 9.71229 ,

"_source" : {

"language" : "en" ,

"title" : "Good news for you and your Exchange mailbox with Combell" ,

"date" : "Mon, 16 Dec 2013 13:30:55 +0000" ,

"author" : "Romy" ,

"category" : [

"News"

] ,

"guid" : "3707"

}

} ,

{

"_index" : "post" ,

"_type" : "_doc" ,

"_id" : "5895" ,

"_score" : 4.979878 ,

"_source" : {

"language" : "en" ,

"title" : "Apple.news: where iOS 9’s News app is to be found" ,

"date" : "Fri, 25 Sep 2015 09:56:41 +0000" ,

"author" : "Romy" ,

"category" : [

"Combell news" ,

"Domain names" ,

"News" ,

"Sector news" ,

".movie" ,

".news" ,

".xyz" ,

"Apple" ,

"apps" ,

"new domain names" ,

"new tld"

] ,

"guid" : "5895"

}

} ,

Note the sections max_score, _score . The first doc contains both ‘good’ and ‘news’ so the score is 9.7 higher than the second doc, 4.9 when only the word news is included. And the returned results are sorted in order from high-> low

In addition, we can also use the following as an overall score of 1.0, so we will be free to arrange the result of any magnetic field at will. This way the Elasticsearch variable is more like a NoSQL database than a Full-text search engine

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search
<span class="token punctuation">{</span>
  <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"constant_score"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"filter"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"term"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span> <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token string">"tools"</span> <span class="token punctuation">}</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

POST / post / _search

{

"query" : {

"constant_score" : {

"filter" : {

"term" : { "category" : "tools" }

}

See another example:

<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
  <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"must"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token punctuation">{</span>
          <span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"good news"</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">]</span> <span class="token punctuation">,</span>
      <span class="token string">"should"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token punctuation">{</span>
          <span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token string">"apps"</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">]</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

POST / post / _search ? pretty

{

"query" : {

"bool" : {

"must" : [

{

"match" : {

"title" : "good news"

}

] ,

"should" : [

{

"match" : {

"category" : "apps"

}

]

}

The above should use should . The special thing should when used in query different from in the filter . In a filter it should be as simple as an OR operation, the result will be returned regardless of whether there should be a match or not. Also in the query , should have if match will increase relevance of that document.
As the above request, remains the same, we search for posts where the title contains ‘good news’, in addition the score will be boosted if the document has the category ‘apps’. Test run to see if the doc has id 5895 whose category contains ‘apps’ after running the above request with a score of 7.7 higher than 4.9 when not searching with should .

In addition, we can manually declare boost queries as follows:

<span class="token comment"># query time boosting</span>
<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
  <span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"bool"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"must"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token punctuation">{</span>
          <span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"title"</span> <span class="token punctuation">:</span> <span class="token string">"good news"</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">]</span> <span class="token punctuation">,</span>
      <span class="token string">"should"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token punctuation">{</span>
          <span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            	<span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token string">"apps"</span> <span class="token punctuation">,</span>
            	<span class="token string">"boost"</span> <span class="token punctuation">:</span> <span class="token number">3</span> <span class="token comment"># nếu category chứa apps thì boost 3 điểm</span>
            <span class="token punctuation">}</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span> <span class="token punctuation">,</span>
        <span class="token punctuation">{</span>
          <span class="token string">"match"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"category"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            	<span class="token string">"query"</span> <span class="token punctuation">:</span> <span class="token string">"Tools"</span> <span class="token punctuation">,</span>
            	<span class="token string">"boost"</span> <span class="token punctuation">:</span> <span class="token number">2</span> <span class="token comment"># nếu category chứa tools thì boost 2 điểm</span>
            <span class="token punctuation">}</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">]</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

# query time boosting

POST / post / _search ? pretty

{

"query" : {

"bool" : {

"must" : [

{

"match" : {

"title" : "good news"

}

] ,

"should" : [

{

"match" : {

"category" : {

"query" : "apps" ,

"boost" : 3 # nếu category chứa apps thì boost 3 điểm

}

} ,

{

"match" : {

"category" : {

"query" : "Tools" ,

"boost" : 2 # nếu category chứa tools thì boost 2 điểm

}

]

}

Aggregation

Basic aggregation is group by in SQL database, but stronger.

<span class="token constant">SELECT</span> author
<span class="token constant">FROM</span> post
<span class="token constant">GROUP</span> <span class="token constant">BY</span> author

<span class="token comment"># tương tự với</span>
<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
  <span class="token string">"aggs"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"popular_blogers"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"terms"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"field"</span> <span class="token punctuation">:</span> <span class="token string">"author"</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

<span class="token comment"># RESPONSE</span>
<span class="token string">"aggregations"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"popular_blogers"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"doc_count_error_upper_bound"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
            <span class="token string">"sum_other_doc_count"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
            <span class="token string">"buckets"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
                <span class="token punctuation">{</span>
                    <span class="token string">"key"</span> <span class="token punctuation">:</span> <span class="token string">"Romy"</span> <span class="token punctuation">,</span>
                    <span class="token string">"doc_count"</span> <span class="token punctuation">:</span> <span class="token number">458</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token punctuation">{</span>
                    <span class="token string">"key"</span> <span class="token punctuation">:</span> <span class="token string">"Jimmy Cappaert"</span> <span class="token punctuation">,</span>
                    <span class="token string">"doc_count"</span> <span class="token punctuation">:</span> <span class="token number">160</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token punctuation">{</span>
                    <span class="token string">"key"</span> <span class="token punctuation">:</span> <span class="token string">"Tom"</span> <span class="token punctuation">,</span>
                    <span class="token string">"doc_count"</span> <span class="token punctuation">:</span> <span class="token number">145</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>
                <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>

SELECT author

FROM post

GROUP BY author

# tương tự với

POST / post / _search ? pretty

{

"aggs" : {

"popular_blogers" : {

"terms" : {

"field" : "author"

}

# RESPONSE

"aggregations" : {

"popular_blogers" : {

"doc_count_error_upper_bound" : 0 ,

"sum_other_doc_count" : 1 ,

"buckets" : [

{

"key" : "Romy" ,

"doc_count" : 458

} ,

{

"key" : "Jimmy Cappaert" ,

"doc_count" : 160

} ,

{

"key" : "Tom" ,

"doc_count" : 145

} ,

We can even query nested for further data analysis:

<span class="token comment"># group theo author, sau đó đếm xem có bao nhiêu bài post ở mỗi ngôn ngữ.</span>
<span class="token constant">POST</span> <span class="token operator">/</span> post <span class="token operator">/</span> _search <span class="token operator">?</span> pretty
<span class="token punctuation">{</span>
  <span class="token string">"aggs"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
    <span class="token string">"popular_blogers"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
      <span class="token string">"terms"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"field"</span> <span class="token punctuation">:</span> <span class="token string">"author"</span>
      <span class="token punctuation">}</span> <span class="token punctuation">,</span>
      <span class="token string">"aggs"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"used_languages"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
          <span class="token string">"terms"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"field"</span> <span class="token punctuation">:</span> <span class="token string">"language"</span> <span class="token punctuation">,</span>
            <span class="token string">"size"</span> <span class="token punctuation">:</span> <span class="token number">10</span>
          <span class="token punctuation">}</span>
        <span class="token punctuation">}</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

<span class="token comment"># RESPONSE</span>
<span class="token string">"aggregations"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
        <span class="token string">"popular_blogers"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
            <span class="token string">"doc_count_error_upper_bound"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
            <span class="token string">"sum_other_doc_count"</span> <span class="token punctuation">:</span> <span class="token number">1</span> <span class="token punctuation">,</span>
            <span class="token string">"buckets"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
                <span class="token punctuation">{</span>
                    <span class="token string">"key"</span> <span class="token punctuation">:</span> <span class="token string">"Romy"</span> <span class="token punctuation">,</span>
                    <span class="token string">"doc_count"</span> <span class="token punctuation">:</span> <span class="token number">458</span> <span class="token punctuation">,</span>
                    <span class="token string">"used_languages"</span> <span class="token punctuation">:</span> <span class="token punctuation">{</span>
                        <span class="token string">"doc_count_error_upper_bound"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
                        <span class="token string">"sum_other_doc_count"</span> <span class="token punctuation">:</span> <span class="token number">0</span> <span class="token punctuation">,</span>
                        <span class="token string">"buckets"</span> <span class="token punctuation">:</span> <span class="token punctuation">[</span>
                            <span class="token punctuation">{</span>
                                <span class="token string">"key"</span> <span class="token punctuation">:</span> <span class="token string">"en"</span> <span class="token punctuation">,</span>
                                <span class="token string">"doc_count"</span> <span class="token punctuation">:</span> <span class="token number">284</span>
                            <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                            <span class="token punctuation">{</span>
                                <span class="token string">"key"</span> <span class="token punctuation">:</span> <span class="token string">"nl"</span> <span class="token punctuation">,</span>
                                <span class="token string">"doc_count"</span> <span class="token punctuation">:</span> <span class="token number">174</span>
                            <span class="token punctuation">}</span>
                        <span class="token punctuation">]</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span> <span class="token punctuation">,</span>
                <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>
                <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span> <span class="token punctuation">.</span>

# group theo author, sau đó đếm xem có bao nhiêu bài post ở mỗi ngôn ngữ.

POST / post / _search ? pretty

{

"aggs" : {

"popular_blogers" : {

"terms" : {

"field" : "author"

} ,

"aggs" : {

"used_languages" : {

"terms" : {

"field" : "language" ,

"size" : 10

}

# RESPONSE

"aggregations" : {

"popular_blogers" : {

"doc_count_error_upper_bound" : 0 ,

"sum_other_doc_count" : 1 ,

"buckets" : [

{

"key" : "Romy" ,

"doc_count" : 458 ,

"used_languages" : {

"doc_count_error_upper_bound" : 0 ,

"sum_other_doc_count" : 0 ,

"buckets" : [

{

"key" : "en" ,

"doc_count" : 284

} ,

{

"key" : "nl" ,

"doc_count" : 174

}

]

}

} ,

So I went over some basic things in Elasticsearch, hope it will help you.

Refer
https://www.elastic.co/
https://github.com/ThijsFeryn/elasticsearch_tutorial

Share the news now

Source : Viblo

Elasticsearch in action

What is Elasticsearch?

Download Elasticseach.

Some concepts.

Index.

Document.

Mapping.

Analyzers.

Search

Filter and Query

Relevance

Aggregation

TikTok becomes the second largest social platform in South Africa

The fastest depreciating after 9 months of launch, iPhone 14 Pro Max continues to break the bottom in Vietnam

Beginner's guide to R: Introduction

10 essential SublimeText plugins for JavaScript developers