Elasticsearch Query DSL Examples

By Opster Expert Team - May 2023

Updated: Jan 28, 2024

Elasticsearch Query Examples: Advanced Techniques and Best Practices

Introduction

Elasticsearch provides a rich query language that allows users to search and analyze data in real time. In this article, we will explore advanced techniques and best practices for constructing Elasticsearch queries, focusing on the Query DSL (Domain Specific Language) and providing practical examples to help you get the most out of your search experience.

1. Bool Query

The bool query is a compound query that allows you to combine multiple queries using boolean logic. It has four main clauses: must, filter, should, and must_not.

Example:

GET /_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "title": "elasticsearch" }},
        { "match": { "content": "query" }}
      ],
      "filter": [
        { "range": { "publish_date": { "gte": "2021-01-01" }}}
      ],
      "should": [
        { "match": { "tags": "tutorial" }}
      ],
      "must_not": [
        { "match": { "status": "draft" }}
      ]
    }
  }
}

In this example, the query will return documents that have “elasticsearch” in the title and “query” in the content, were published on or after January 1, 2021, and are not in draft status. Additionally, documents with the “tutorial” tag will be scored higher.

2. Boosting Query

The boosting query allows you to influence the relevance score of documents by increasing or decreasing the score of documents that match certain criteria.

Example:

GET /_search
{
  "query": {
    "boosting": {
      "positive": {
        "match": { "title": "elasticsearch" }
      },
      "negative": {
        "match": { "content": "deprecated" }
      },
      "negative_boost": 0.5
    }
  }
}

In this example, documents with “elasticsearch” in the title match the positive query, while those that also contain “deprecated” in the content have their scores reduced by a factor of 0.5.

3. Match Query

The match query is used to search for documents containing the specified query terms. It allows you to search multiple terms against a text or keyword field.

Example:

GET /_search
{
  "query": {
    "match": {
      "message": {
        "query": "quick brown fox"
      }
    }
  }
}

In this example, documents matching “quick brown fox” in the message field will be returned.

4. Range Query

The range query is used to search for documents containing values within the specified range. It allows you to search against numeric and date fields.

Example:

GET /_search
{
  "query": {
    "range": {
      "date": {
        "gte": "2022-01-01",
        "lt": "2023-01-01"
      }
    }
  }
}

In this example, documents whose date field falls anywhere within the year 2022 will be returned.

5. Nested Query

The nested query is used to search for documents containing nested objects. It allows you to run a query against the nested objects as if they were indexed as separate documents.

Example:

GET /_search
{
  "query": {
    "nested": {
      "path": "comments",
      "query": {
        "bool": {
          "must": [
            { "match": { "comments.author": "John Doe" }},
            { "match": { "comments.text": "elasticsearch" }}
          ]
        }
      }
    }
  }
}

This query will return documents where a comment is authored by “John Doe” and contains the word “elasticsearch”.

6. Multi-Match Query

The multi-match query allows you to search for a term in multiple fields, with the option to specify different types of matching, such as best fields, most fields, or cross fields.

Example:

GET /_search
{
  "query": {
    "multi_match": {
      "query": "elasticsearch",
      "fields": ["title^3", "content", "tags"],
      "type": "best_fields"
    }
  }
}

This query searches for the term “elasticsearch” in the “title”, “content”, and “tags” fields, with a higher weight given to the “title” field.

7. Exists Query

The `exists` query can be used to find documents where a field exists and contains a non-null value. The basic syntax for the `exists` query is as follows:

{
  "query": {
    "exists": {
      "field": "your_field_name"
    }
  }
}

Replace `your_field_name` with the name of the field you want to check for non-empty values. Here’s an example that demonstrates how to use the `exists` query to find documents where the `email` field is not empty:

{
  "query": {
    "exists": {
      "field": "email"
    }
  }
}

8. Leveraging Scripting for Custom Scoring

Sometimes, you may need to apply custom scoring logic to your search results. Elasticsearch allows you to use scripting for this purpose. You can use the Painless scripting language to define your custom scoring logic.

Example:

{
  "query": {
    "function_score": {
      "query": { "match_all": {} },
      "script_score": {
        "script": {
          "source": "doc['likes'].value * 0.5 + doc['views'].value * 0.3 + doc['comments_count'].value * 0.2"
        }
      }
    }
  }
}
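
When the weights come from a caller (a ranking setting, a request parameter), pass them through the script's params so the Painless source stays a fixed string and no caller-supplied text is ever concatenated into it. The Python helper below is an added example, not code from the original article; build_scored_query, MAX_WEIGHT and the allowlist of weight names are assumptions made for the illustration.

```python
# Fixed script text: only params change between requests, so the source never
# contains caller-supplied data and Elasticsearch can reuse the compiled script.
SCORE_SOURCE = (
    "doc['likes'].value * params.likes"
    " + doc['views'].value * params.views"
    " + doc['comments_count'].value * params.comments_count"
)
# Weights from the article's example; the keys double as the allowlist.
DEFAULT_WEIGHTS = {"likes": 0.5, "views": 0.3, "comments_count": 0.2}
MAX_WEIGHT = 100.0  # assumed upper bound, chosen for this example


def build_scored_query(weights=None):
    """Return a function_score body; `weights` may override the defaults."""
    params = dict(DEFAULT_WEIGHTS)
    for name, value in (weights or {}).items():
        if name not in DEFAULT_WEIGHTS:
            raise ValueError(f"unknown weight: {name!r}")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"weight {name!r} must be a number")
        # Also rejects NaN and infinity. Negative weights are refused because
        # script_score must not produce a negative score.
        if not (0 <= value <= MAX_WEIGHT):
            raise ValueError(f"weight {name!r} must be in [0, {MAX_WEIGHT}]")
        params[name] = float(value)
    return {
        "query": {
            "function_score": {
                "query": {"match_all": {}},
                "script_score": {
                    "script": {"source": SCORE_SOURCE, "params": params}
                },
            }
        }
    }
```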

9. Pagination and Search After for Efficient Result Retrieval

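When dealing with large result sets, it’s important to use pagination and the search_after parameter for efficient retrieval of results: the first request below uses size and from, and the second continues from the sort value of the last hit on the previous page. This helps to avoid deep pagination issues and improves search performance. Because search_after resumes from those sort values, the sort should end with a field that is unique per document; sorting on publish_date alone can skip or repeat documents that share the same date.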

Example:

{
  "size": 10,
  "from": 0,
  "sort": [
    { "publish_date": { "order": "desc" } }
  ],
  "query": {
    "match": { "title": "Elasticsearch" }
  }
}

{
  "size": 10,
  "search_after": [1609459200000],
  "sort": [
    { "publish_date": { "order": "desc" } }
  ],
  "query": {
    "match": { "title": "Elasticsearch" }
  }
}
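
The paging loop behind these two requests, as an added Python example that is not part of the original article: each request after the first copies the sort array of the previous page's last hit into search_after. The doc_id tiebreaker field, the sample documents and fake_search (an offline stand-in for the search call) are constructed for the illustration.

```python
import copy

# Constructed sample documents; "doc_id" is a hypothetical unique keyword
# field used as the tiebreaker. Some documents share a publish_date.
DOCS = [
    {"doc_id": "a", "publish_date": 1609459200000},
    {"doc_id": "b", "publish_date": 1609459200000},
    {"doc_id": "c", "publish_date": 1609372800000},
    {"doc_id": "d", "publish_date": 1609286400000},
    {"doc_id": "e", "publish_date": 1609286400000},
]
BASE_BODY = {
    "size": 2,
    "sort": [
        {"publish_date": {"order": "desc"}},
        {"doc_id": {"order": "asc"}},  # tiebreaker: every sort key is unique
    ],
    "query": {"match": {"title": "Elasticsearch"}},
}

def fake_search(body):
    """Offline stand-in for the search call: honours size, sort, search_after."""
    key = lambda d: (-d["publish_date"], d["doc_id"])
    ordered = sorted(DOCS, key=key)
    after = body.get("search_after")
    if after is not None:
        ordered = [d for d in ordered if key(d) > (-after[0], after[1])]
    page = ordered[: body["size"]]
    return {"hits": {"hits": [
        {"_source": d, "sort": [d["publish_date"], d["doc_id"]]} for d in page]}}

def next_page_body(base_body, response):
    """Build the next request from the last hit's sort values; None when done."""
    hits = response["hits"]["hits"]
    if not hits:
        return None
    body = copy.deepcopy(base_body)
    body.pop("from", None)  # search_after replaces offset-based paging
    body["search_after"] = hits[-1]["sort"]
    return body

def fetch_all(search, base_body):
    """Walk every page and return the doc_ids in result order."""
    seen, body = [], copy.deepcopy(base_body)
    while body is not None:
        response = search(body)
        seen += [h["_source"]["doc_id"] for h in response["hits"]["hits"]]
        body = next_page_body(base_body, response)
    return seen
```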

Conclusion

Elasticsearch offers a powerful and flexible query language that enables users to search and analyze data effectively. By understanding and utilizing advanced query techniques, such as bool, boosting, nested, and multi-match queries, you can create more precise and relevant search experiences for your users.