java elasticsearch query without java API - java
I try to query an existing elasticsearch base in java without using the Java API.
This elasticsearch base belongs to an ELK cluster.
The correct cURL query is :
curl -XGET 'http://10.60.74.134:9200/logstash-2015.04.09/_search?pretty' -d '{
"facets": {
"0": {
"date_histogram": {
"field": "#timestamp",
"interval": "5m"
},
"global": true,
"facet_filter": {
"fquery": {
"query": {
"filtered": {
"query": {
"query_string": {
"query": "*"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"#timestamp": {
"from": 1428558001338,
"to": 1428579601338
}
}
},
{
"terms": {
"_type": [
"akaoatg-monitoring"
]
}
}
]
}
}
}
}
}
}
}
},
"size": 0
}'
which works perfectly fine and returns me my JSON results :
{
"took" : 185,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 9106263,
"max_score" : 0.0,
"hits" : [ ]
},
"facets" : {
"0" : {
"_type" : "date_histogram",
"entries" : [ {
"time" : 1428458700000,
"count" : 2429
}, {
"time" : 1428459000000,
"count" : 21128
}, {
"time" : 1428459300000,
"count" : 21354
} ]
}
}
}
I tried to get the same results using an http request in java :
try {
URL url = new URL("http://10.60.74.134:9200/logstash-2015.04.09/_search?pretty'-d'{\"facets\":{\"terms\":{\"terms\":{\"field\":\"_type\",\"size\":10,\"order\":\"count\",\"exclude\":[]},\"facet_filter\":{\"fquery\":{\"query\":{\"filtered\":{\"query\":{\"bool\":{\"should\":[{\"query_string\":{\"query\":\"*\"}}]}},\"filter\":{\"bool\":{\"must\":[{\"range\":{\"#timestamp\":{\"from\":1428558001341,\"to\":1428579601341}}},{\"terms\":{\"_type\":[\"akaoatg-monitoring\"]}}]}}}}}}}},\"size\":0}");
BufferedReader br = new BufferedReader(new InputStreamReader(url.openStream()));
String strTemp;
while((strTemp = br.readLine()) != null){
System.out.println(strTemp);
}
} catch (Exception ex) {
ex.printStackTrace();
}
The URL I am using here is the cURL request formatted to fit in an http request.
This request returns me a single String which does not contain the same result.
here is a part of the java result :
{"took":22,
"timed_out":false,
"_shards":{"total":5,
"successful":5,
"failed":0},
"hits":{"total":4621367,
"max_score":1.0,
"hits":[{"_index":"logstash-2015.04.09",
"_type":"xxx",
"_id":"xxx",
"_score":xxx,
"_source":{"#version":"xxx",
"#timestamp":"2015-04-09T01:09:59.347Z",
"host":"xxx",
"type":"xxx",
"sys_priority":"xxx",
"sys_timestamp":"xxx",
"logsource":"xxx",
"application":"xxx",
"year":"2015",
"month":"04",
"day":"09",
"hour":"01",
"minute":"09",
"second":"58",
"trace_level":"3",
"host_name":"xxx",
"adh_port":"xxx",
"timestamp_adh":1428541798954,
"time_adh":27,
"adh_uuid":"xxx",
"Service":"xxx",
"ReturnCode":"0",
"ErrorMessage":"null",
"Site":"null",
"BaseType":"null",
"PlatForm":"0",
"Cad_sender":"",
"Domain":"xxx",
"Freshness":"9",
"ClientProcessID":"xxx",
"CallMode":"S",
"SystemMode":"R",
"Sad_receiver":"",
"ConnectionType":"IP",
"DataFormat":"",
"HeaderType":"H4",
"AdhesionVersion":"null",
"Length":"10",
"ConnectionInfo":"null",
"ConnectionInfoKey":"null",
"Comments":"null",
"ActionCode":"null",
"TimeStamp":20150409010958,
"ServerProgramName":"null",
"TransactionCode":"null",
"TraceLevel":"null",
"LU":"null",
"HostName":"xxx",
"Port":"xxx",
"Timer":20,
"SendQueue":"null",
"ReturnQueue":"",
"PDM":"",
"RFU":"null",
"FTU":"",
"ActivationFlag":"null",
"HistoryQueue":"null",
"ErrorQueue":"null",
"CallReference":"xxx",
"IPAddress":"xxx",
"MessageType":"I",
"ProgramName":"null",
"UserName":"xxx",
"BeginTime":"24:00:00",
"EndTime":"24:00:00",
"duration":0,
"cnx_running":0,
"cnx_max":0}}]}}
Any idea of what I'm doing wrong ?
Your request sent via Java is malformed: there is no "facets": { "0": {...}} part in it. (At least the '0' is missing). Hence the server seems to ignore that part and just give you a bunch of raw entries (the default output)
The problem was the type of request, I had to send a POST request instead of a GET one.
Used this code :
String url = "http://10.60.74.134:9200/logstash-2015.04.09/_search?pretty'-d'";
URL obj = new URL(url);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
String urlParameters = "{\"facets\":{\"0\":{\"date_histogram\":{\"field\":\"#timestamp\",\"interval\":\"5m\"},\"global\":true,\"facet_filter\":{\"fquery\":{\"query\":{\"filtered\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":{\"bool\":{\"must\":[{\"range\":{\"#timestamp\":{\"from\":1428558001338,\"to\":1428579601338}}},{\"terms\":{\"_type\":[\"akaoatg-monitoring\"]}}]}}}}}}}},\"size\":0}";
thanks to this tutorial
Related
ElasticSearch - matchPhraseQuery API to search with multiple fields
Am searching for specific field which is having ngram tokenizer and am querying that field (code) using matchPhraseQuery and it is working fine.
Now, i want to search with 3 field. How can we do this.?
Please find my java code which am searching for only one field (code).
SearchRequest searchRequest = new SearchRequest(INDEX);
searchRequest.types(TYPE);
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
QueryBuilder qb = QueryBuilders.matchPhraseQuery("code", code);
searchSourceBuilder.query(qb);
searchSourceBuilder.size(10);
searchRequest.source(searchSourceBuilder);
Please find my mappings details below :
PUT products
{
"settings": {
"analysis": {
"analyzer": {
"custom_analyzer": {
"type": "custom",
"tokenizer": "ngram",
"char_filter": [
"html_strip"
],
"filter": [
"lowercase",
"asciifolding"
]
}
}
}
},
"mappings": {
"doc": {
"properties": {
"code": {
"type": "text",
"analyzer": "custom_analyzer"
},
"attribute" : {
"type" : "text",
"analyzer" : "custom_analyzer"
},
"term" : {
"type" : "text",
"analyzer" : "custom_analyzer"
}
}
}
}
}
Now, i want to make a search query for 3 fields code, attribute, term
I have tried the below java code, which is not working as expected :
BoolQueryBuilder orQuery = QueryBuilders.boolQuery();
QueryBuilder qb1 = QueryBuilders.matchPhraseQuery("catalog_keywords", keyword);
QueryBuilder qb2 = QueryBuilders.matchPhraseQuery("product_keywords", keyword);
orQuery.should(qb1);
orQuery.should(qb2);
orQuery.minimumShouldMatch(1);
searchSourceBuilder.query(orQuery);
searchSourceBuilder.size(10);
searchRequest.source(searchSourceBuilder);
My Input Query :
Logi
Output am getting like :
"MateriaĆy, programy doborowe | Marketing | Katalogi, broszury"
Which is totally irrelavant to my query. Expected results is, Logiciels
And my field having value with delimiters |, so i just want only the exact match of the word/character. It should not print with all the delimiters and all.
Use bool query :
GET products/_search
{
"query": {
"bool": {
"must": [
{
"match_phrase": {
"FIELD": "PHRASE"
}
},
{
"match_phrase": {
"FIELD": "PHRASE"
}
},
{
"match_phrase": {
"FIELD": "PHRASE"
}
}
]
}
}
}
ElasticSearch - JavaApi searching by each character instead of term (word)
Am fetching documents from elastic search using java api, i have the following code in my elastic search documents and am trying to search it with the following pattern.
code : MS-VMA1615-0D
Input : MS-VMA1615-0D -- Am getting the results (MS-VMA1615-0D).
Input : VMA1615 -- Am getting the results (MS-VMA1615-0D) .
Input : VMA -- Am getting the results (MS-VMA1615-0D) .
But, if i give input like below, am not getting results.
Input : V -- Am not getting the results.
INPUT : MS -- Am not getting the results.
INPUT : -V -- Am not getting the results.
INPUT : 615 -- Am not getting the results.
Am expecting to return the code MS-VMA1615-0D. In simple, am trying to search character by character instead of term (word).
It should not return the code MS-VMA1615-0D for the following cases, Because its not matching with my code.
Input : VK -- should not return the results.
INPUT : MS3 -- should not return the results.
Please find my below java code that am using
private final String INDEX = "products";
private final String TYPE = "doc";
SearchRequest searchRequest = new SearchRequest(INDEX);
searchRequest.types(TYPE);
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
QueryStringQueryBuilder qsQueryBuilder = new QueryStringQueryBuilder(code);
qsQueryBuilder.defaultField("code");
searchSourceBuilder.query(qsQueryBuilder);
searchSourceBuilder.size(50);
searchRequest.source(searchSourceBuilder);
SearchResponse searchResponse = null;
try {
searchResponse = SearchEngineClient.getInstance().search(searchRequest);
} catch (IOException e) {
e.getLocalizedMessage();
}
Item item = null;
SearchHit[] searchHits = searchResponse.getHits().getHits();
Please find my mapping details :
PUT products
{
"settings": {
"analysis": {
"analyzer": {
"custom_analyzer": {
"type": "custom",
"tokenizer": "my_pattern_tokenizer",
"char_filter": [
"html_strip"
],
"filter": [
"lowercase",
"asciifolding"
]
}
},
"tokenizer": {
"my_pattern_tokenizer": {
"type": "pattern",
"pattern": "-|\\d"
}
}
}
},
"mappings": {
"doc": {
"properties": {
"code": {
"type": "text",
"analyzer": "custom_analyzer"
}
}
}
}
}
After Update with new Answer :
This is my request via Java API
'SearchRequest{searchType=QUERY_THEN_FETCH, indices=[products], indicesOptions=IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_aliases_to_multiple_indices=true, forbid_closed_indices=true, ignore_aliases=false], types=[doc], routing='null', preference='null', requestCache=null, scroll=null, maxConcurrentShardRequests=0, batchedReduceSize=512, preFilterShardSize=128, source={"size":50,"query":{"match_phrase":{"code":{"query":"1615","slop":0,"boost":1.0}}}}}
' . But am getting response as null
Follow up: ElasticSearch - JavaApi searching not happening without (*) in my input query
Your mapping should look like:
PUT products
{
"settings": {
"analysis": {
"analyzer": {
"custom_analyzer": {
"type": "custom",
"tokenizer": "ngram",
"char_filter": [
"html_strip"
],
"filter": [
"lowercase",
"asciifolding"
]
}
}
}
},
"mappings": {
"doc": {
"properties": {
"code": {
"type": "text",
"analyzer": "custom_analyzer"
}
}
}
}
}
And you should be using a match_phrase query.
In Kibana:
GET products/_search
{
"query": {
"match_phrase": {
"code": "V"
}
}
}
will return the result:
"hits": [
{
"_index": "products",
"_type": "doc",
"_id": "EoGtdGQBqdof7JidJkM_",
"_score": 0.2876821,
"_source": {
"code": "MS-VMA1615-0D"
}
}
]
But this:
GET products/_search
{
"query": {
"match_phrase": {
"code": "VK"
}
}
}
wont:
{
"took": 10,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 0,
"max_score": null,
"hits": []
}
}
Based on your comment:
Instead of using a Query string:
QueryStringQueryBuilder qsQueryBuilder = new QueryStringQueryBuilder(code);
qsQueryBuilder.defaultField("code");
searchSourceBuilder.query(qsQueryBuilder);
searchSourceBuilder.size(50);
searchRequest.source(searchSourceBuilder);
Use a match phrase query:
QueryBuilder query = QueryBuilders.matchPhraseQuery("code", code);
searchSourceBuilder.query(query);
searchSourceBuilder.size(50);
searchRequest.source(searchSourceBuilder);
Elasticsearch: Filter Query not working
I've been working to change my query to a filter in Elasticsearch using the java api. I've made sure that the fields I am running searches on are set to "not_analzed".
Here is the java code for the filter:
FilterBuilder andFilter = FilterBuilders.andFilter(FilterBuilders.termFilter("thread_name", keyword), FilterBuilders.termFilter("site_name", "test_site"));
QueryBuilder filteredQuery = QueryBuilders.filteredQuery(QueryBuilders.matchAllQuery(), andFilter);
SearchResponse threadResponse = client.prepareSearch("thread_and_messages").setQuery(filteredQuery).setSize(20).setFrom(firstRowOffset).execute().actionGet();
This then gets translated to this in JSON:
"filtered" : {
"query" : {
"match_all" : { }
},
"filter" : {
"and" : {
"filters" : [ {
"term" : {
"thread_name" : "apple"
}
}, {
"term" : {
"site_name" : "test_site"
}
} ]
}
}
}
When I try to do any searches it won't return the document I'm looking for which is thread_name: Apple and site_name: test_site.
Also when I run this using a curl command it won't find that document either.
Can anyone see what I'm doing wrong here?
You can use must clause.That will perform and operation
"query": {
"bool": {
"must": [
{
"query_string": {
"default_field": "thread_name",
"query": "apple"
}
},
{
"query_string": {
"default_field": "site_name",
"query": "test_site"
}
}
]
}
}
Elasticsearch complex query using Java API
I am trying to query on ElasticSearch using Java API, my query is:
curl -XGET 'http://localhost:9200/logstash-*/_search?search_type=count' -d '
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"and" : [
{
"range": {
"timestamp": {
"gte": "2015-08-20",
"lt": "2015-08-21",
"format": "yyyy-MM-dd",
"time_zone": "+8:00"
}
}
},
{"query": {
"match": {
"request": {
"query": "/v2/brand"
}
}
}
},
{"term": { "response" : "200"}
}
]
}
}
},
"aggs": {
"group_by_device_id": {
"terms": {
"field": "clientip"
}
}
}
}'
The similar sql logic is:
select distinct(clientip) from table where timestamp between '2015-08-20' and '2015-08-21' and request like '/v2/brand%' and response = '200'
How to implement it using Java API?
Please guide I am new to ElasticSearch. Thanks in advance!
I have resolved the problem, below is my codes:
SearchResponse scrollResp1 = client.prepareSearch("logstash-*").setSearchType(SearchType.SCAN).
setQuery(QueryBuilders.filteredQuery(QueryBuilders.matchAllQuery(),
FilterBuilders.andFilter(FilterBuilders.termFilter("response", "200")
, FilterBuilders.rangeFilter("timestamp").gte(startDate).lt
(endDate), FilterBuilders.queryFilter
(QueryBuilders.matchQuery("request", "signup"))
)))
.addAggregation(AggregationBuilders.terms
("group_by_client_ip").size(0).field("clientip")).get();
Elasticsearch java api filteredQuery
I have this query used with Exists API from elasticsearch (1.4.4) :
curl -XPOST 'http://elasticsearch:9200/_search/exists' -d '
{
"query": {
"filtered": {
"query": {
"match_phrase": {
"message": "2014-12-04 00:00:01 CET Tx[XXXXXXXX] cmd[INSERT] PID[XXXX] DB[XXXXX] LOG: some log info here ;-) \r"
}
},
"filter": {
"term" : {
"some_field" :"some_value"
}
}
}
}
}'
This works fine (return true when it has to be) but when I tried to do the same with java API like this :
Client client = this.createClient();
QueryBuilder queryBuilder = QueryBuilders.filteredQuery(
QueryBuilders.matchPhraseQuery("message", "the same message"),
FilterBuilders.termFilter("some_field", "some value")
);
System.out.println(queryBuilder.toString());
ExistsResponse response = client.prepareExists("existsMessage")
.setTypes(type)
.setIndicesOptions(IndicesOptions.fromOptions(true, true, true, false))
.setQuery(queryBuilder).execute().actionGet();
System.out.println(response.exists());
client.close();
But the result is always false! So I print the request build by the and it's different than want I wanted. So is there a way to do exactly my first request from source json or other way using api builders?
Edit :
The output of queryBuilder.toString()) :
{
"filtered" : {
"query" : {
"match" : {
"message" : {
"query" : "the same message\r",
"type" : "phrase"
}
}
},
"filter" : {
"term" : {
"some field" : "some value"
}
}
}
}