EXAM OBJECTIVE: QUERIES
GOAL: Create search queries for analyzed text, highlight, pagination, and sort
REQUIRED SETUP:
Suggested docker compose file: 1e1k_base_cluster.yml
- A running Elasticsearch cluster with at least one node and a Kibana instance
- Add the "Sample web logs" and "Sample eCommerce orders" to Kibana
- Run the next queries on the kibana_sample_data_logs index
Initialization
- Build the cluster: docker compose -f 1e1k_base_cluster.yml up -d --build
- Add data:
- In Kibana, click the Kibana icon in the upper left corner to return to the home page
- Click "Add Data to Kibana" in the top row on the right (the label in the Chinese UI is probably a translation of "Add Data to Kibana"; no Chinese version was available to check, so it depends on the specific translation)
- Click the rightmost tab, Sample data
- Click Add data on the first and third sample data sets
- Check the data: GET _cat/indices
- If kibana_sample_data_ecommerce and kibana_sample_data_logs appear, the data was added successfully
green open hamlet_1 5tk876UATbeP6aRbikqaNw 1 0 4 0 4kb 4kb
green open .kibana_task_manager 2eUVrIdMTqusMMBTKcymPw 1 0 2 0 21.4kb 21.4kb
green open hamlet_2 6OwlCLIhTg-v526MRvNeIg 1 0 4 0 9.8kb 9.8kb
green open hamlet_3 dOLRjkPLRc65iBrmQIWpRQ 1 0 3 0 48.6kb 48.6kb
green open test CN_uoHfyRSWv8PE6L8RDaA 1 0 2 0 9kb 9kb
green open hamlet-new 8GRHRUtFRNG59T3Z_6lm4Q 2 0 8 0 13.7kb 13.7kb
green open .kibana_1 lzAn4TPDR_WY7vuJrA8EFA 1 0 88 1 1007.6kb 1007.6kb
green open hamlet-1 G-iX2celQtmnqhx5fBlWww 2 0 4 0 7.5kb 7.5kb
green open hamlet-2 jWqxhIZEQTC_hF_GE7GgeQ 2 0 4 0 7.5kb 7.5kb
yellow open hamlet-raw QLO4rZNgTSKnvPDJuRVLQA 1 3 2 1 19.3kb 19.3kb
green open kibana_sample_data_ecommerce -BmN-n3MRgOdtIrINDeufw 1 0 4675 0 4.9mb 4.9mb
green open hamlet-new-1 swvrxEElRdydDsXH5IMa2A 1 0 8 0 8.3kb 8.3kb
green open kibana_sample_data_logs CfNuYq1kTvelLLVG0T6biA 1 0 14074 0 11.8mb 11.8mb
Question 1, building search statements
- Let's search the kibana_sample_data_logs index for logs that contain the string "Firefox" in their message. Because the message field is an analyzed text field, the standard query for performing full-text searches is the match query.
- Search for documents with the message field containing the string "Firefox"
- What do you think would happen if you searched for "firefox" with a lowercase "f"? Nothing changes, because the standard analyzer applied to the message field lowercases all tokens anyway, so the search still finds the same documents.
- By default, a query response can include up to ten results. But what if you wanted to show up to 50 results? And then what if you wanted to fetch the next 50?
- Search for documents with the message field containing the string "Firefox" and return (up to) 50 results.
- As above, but return up to 50 results with an offset of 50 from the first
- Deep pagination is highly inefficient when realised using the from and size parameters, as memory consumption and response time grow with the value of the parameters. The best practice is to use the search_after parameter instead.
Question 1, solution
- Search for entries containing "Firefox"
POST kibana_sample_data_logs/_search
{
  "query": { "match": { "message": "Firefox" } }
}
- Search documents with "firefox"
POST kibana_sample_data_logs/_search
{
  "query": { "match": { "message": "firefox" } }
}
- Search 50 documents
POST kibana_sample_data_logs/_search
{
  "from": 0,
  "size": 50,
  "query": { "match": { "message": "Firefox" } }
}
- Search 50 documents from an offset of 50
POST kibana_sample_data_logs/_search
{
  "from": 50,
  "size": 50,
  "query": { "match": { "message": "Firefox" } }
}
- Deep pagination with search_after
POST kibana_sample_data_logs/_search
{
  "from": 0,
  "size": 50,
  "query": { "match": { "message": "Firefox" } },
  "sort": { "_id": "desc" }
}
- Last 2 hits returned
{ "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "zb_2FnYBblECTPDi309x", "_score" : null, "_source" : { } },
{ "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "zb_2FnYBblECTPDi10hj", "_score" : null, "_source" : { } }
- search_after
POST kibana_sample_data_logs/_search
{
  "size": 50,
  "query": { "match": { "message": "Firefox" } },
  "sort": { "_id": "desc" },
  "search_after": ["zb_2FnYBblECTPDi309x"]
}
- First 2 hits returned
{ "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "zb_2FnYBblECTPDi10hj", "_score" : null, "_source" : { } },
{ "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "zL_2FnYBblECTPDiz0DX", "_score" : null, "_source" : { } }
Question 1, explanation of problem solution
- This question mainly covers the match query, the standard analyzer, paginated retrieval, and search_after
- For a match query, unless an analyzer is explicitly specified, ES analyzes the query text with the field's analyzer, then finds every document that contains any one of the resulting tokens and scores it
- The standard analyzer is the general-purpose analyzer. It generally splits text on whitespace and punctuation and lowercases every token; it does no other special token processing
- Paginated retrieval orders the matching documents first, then cuts out and returns the final results according to from + size
- search_after orders the data with the same sort as the previous request, then pages by id rather than by the position of the data
- Reference links: match query, standard analyzer, pagination, search after
- Page path - match query: Query DSL => Full text queries => Match
- Page path - standard analyzer: Analysis => Analyzers => Standard Analyzer
- Page path - pagination: Search APIs => Request Body Search => From / Size
- Page path - search after: Search your data => Paginate search results
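An added example (not from the original page) of paging with search_after in Python: `paginate` resumes from the last hit's sort values, and a constructed in-memory `fake_search_backend` stands in for `POST <index>/_search` so the effect of a missing tie-breaker in the sort can be checked offline. The function names, the sample documents and the emulated subset of the search body are assumptions.

```python
from functools import cmp_to_key
from typing import Callable, Iterator, List


def paginate(search: Callable[[dict], dict], query: dict, sort: List[dict],
             page_size: int = 50) -> Iterator[dict]:
    """Yield every hit for `query`, fetching one search_after page at a time."""
    body = {"size": page_size, "query": query, "sort": sort}
    while True:
        hits = search(body)["hits"]["hits"]
        yield from hits
        if len(hits) < page_size:  # short or empty page: nothing left to fetch
            return
        # Resume strictly after the LAST hit of this page, using its sort values.
        body = {**body, "search_after": hits[-1]["sort"]}


def fake_search_backend(docs: List[dict]) -> Callable[[dict], dict]:
    """Constructed stand-in for the _search endpoint (assumption: only `size`,
    `sort` and `search_after` are emulated; `query` is ignored because every
    sample document is treated as a match)."""

    def sort_values(doc: dict, sort: List[dict]) -> list:
        return [doc[next(iter(clause))] for clause in sort]

    def compare(a: list, b: list, sort: List[dict]) -> int:
        for x, y, clause in zip(a, b, sort):
            if x != y:
                sign = -1 if x < y else 1
                order = next(iter(clause.values()))
                return sign if order == "asc" else -sign
        return 0

    def search(body: dict) -> dict:
        sort = body["sort"]
        rows = sorted(docs, key=cmp_to_key(
            lambda d, e: compare(sort_values(d, sort), sort_values(e, sort), sort)))
        if "search_after" in body:
            # Keep only documents that sort strictly after the given values.
            rows = [d for d in rows
                    if compare(sort_values(d, sort), body["search_after"], sort) > 0]
        page = rows[:body["size"]]
        return {"hits": {"hits": [
            {"_id": d["_id"], "_source": d, "sort": sort_values(d, sort)}
            for d in page]}}

    return search


# Constructed sample: several log events share the same timestamp.
DOCS = [
    {"_id": "a", "timestamp": 1},
    {"_id": "b", "timestamp": 2},
    {"_id": "c", "timestamp": 2},
    {"_id": "d", "timestamp": 2},
    {"_id": "e", "timestamp": 3},
    {"_id": "f", "timestamp": 3},
    {"_id": "g", "timestamp": 4},
]


def collect_ids(docs: List[dict], sort: List[dict], page_size: int) -> List[str]:
    """Page through all sample documents and return the ids in arrival order."""
    search = fake_search_backend(docs)
    query = {"match": {"message": "Firefox"}}
    return [hit["_id"] for hit in paginate(search, query, sort, page_size)]


if __name__ == "__main__":
    print(collect_ids(DOCS, [{"timestamp": "asc"}, {"_id": "desc"}], 2))
    print(collect_ids(DOCS, [{"timestamp": "asc"}], 2))
```

With only timestamp in the sort, documents c and d share the timestamp at the page boundary and are never returned; adding _id as a second sort key, as the solution above sorts on _id, restores them.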
Question 2, multi condition matching
- Search for documents with the message field containing the strings "Firefox" or "Kibana"
- Search for documents with the message field containing both the strings "Firefox" and "Kibana"
- Search for documents with the message field containing at least two of the following strings: "Firefox", "Kibana", "159.64.35.129"
Question 2, solution
- Contains "Firefox" or "Kibana"
POST kibana_sample_data_logs/_search
{
  "query": {
    "bool": {
      "should": [
        { "match": { "message": "Firefox" } },
        { "match": { "message": "Kibana" } }
      ]
    }
  }
}
- Contains both "Firefox" and "Kibana"
POST kibana_sample_data_logs/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "message": "Firefox" } },
        { "match": { "message": "Kibana" } }
      ]
    }
  }
}
- Contains at least 2
POST kibana_sample_data_logs/_search
{
  "query": {
    "bool": {
      "should": [
        { "match": { "message": "Firefox" } },
        { "match": { "message": "Kibana" } },
        { "match": { "message": "159.64.35.129" } }
      ],
      "minimum_should_match": 2
    }
  }
}
Question 2, explanation of problem solution
- This question mainly covers combining several search conditions logically through bool, with keywords such as must, should and must_not
- must is similar to the AND keyword in SQL: it is an "and" relationship
- must_not is similar to the NOT keyword in SQL: it is a "not" relationship
- should is similar to the OR keyword in SQL: it is an "or" relationship
- minimum_should_match is a limiting parameter: the minimum number of conditions in should that must match
- Reference links: bool query, minimum_should_match
- Page path - bool query: Query DSL => Compound queries => Boolean
- Page path - minimum_should_match: Query DSL => minimum_should_match parameter
Question 2, expansion
- If we set aside the bool + should keywords in this question, the following query may return similar results
POST kibana_sample_data_logs/_search
{
  "query": { "match": { "message": "Kibana Firefox" } }
}
- This works because in a match query the relationship between all the tokens is also "or". Written this way, however, the query cannot express other logical conditions, and it cannot specify a minimum number of matching conditions
Question 3, keyword highlighting
- Search for documents with the message field containing the strings "Firefox" or "Kibana"
- As above, but also return the highlights for the message field
- As above, but also wrap the highlights in "{{" and "}}"
Question 3, solution
- Search content
POST kibana_sample_data_logs/_search
{
  "size": 1,
  "query": {
    "bool": {
      "should": [
        { "match": { "message": "Firefox" } },
        { "match": { "message": "Kibana" } }
      ]
    }
  }
}
- Return value
{ "took" : 2, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 6336, "relation" : "eq" }, "max_score" : 3.9088674, "hits" : [ { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "F7_2FnYBblECTPDiz0DL", "_score" : 3.9088674, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1", "bytes" : 8489, "clientip" : "159.64.35.129", "extension" : "gz", "geo" : { "srcdest" : "ET:BG", "src" : "ET", "dest" : "BG", "coordinates" : { "lat" : 28.03925, "lon" : -97.54244444 } }, "host" : "artifacts.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "159.64.35.129", "machine" : { "ram" : 16106127360, "os" : "win xp" }, "memory" : null, "message" : """159.64.35.129 - - [2018-07-22T06:06:42.742Z] "GET /kibana/kibana-6.3.2-linux-x86_64.tar.gz_1 HTTP/1.1" 200 8489 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/frederick-w-leslie", "request" : "/kibana/kibana-6.3.2-linux-x86_64.tar.gz", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2020-11-22T06:06:42.742Z", "url" : "https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-linux-x86_64.tar.gz_1", "utc_time" : "2020-11-22T06:06:42.742Z" } } ] } }
- Highlight
POST kibana_sample_data_logs/_search
{
  "size": 1,
  "query": {
    "bool": {
      "should": [
        { "match": { "message": "Firefox" } },
        { "match": { "message": "Kibana" } }
      ]
    }
  },
  "highlight": {
    "fields": {
      "message": {}
    }
  }
}
- Return value
{ "took" : 4, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 6336, "relation" : "eq" }, "max_score" : 3.9088674, "hits" : [ { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "F7_2FnYBblECTPDiz0DL", "_score" : 3.9088674, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1", "bytes" : 8489, "clientip" : "159.64.35.129", "extension" : "gz", "geo" : { "srcdest" : "ET:BG", "src" : "ET", "dest" : "BG", "coordinates" : { "lat" : 28.03925, "lon" : -97.54244444 } }, "host" : "artifacts.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "159.64.35.129", "machine" : { "ram" : 16106127360, "os" : "win xp" }, "memory" : null, "message" : """159.64.35.129 - - [2018-07-22T06:06:42.742Z] "GET /kibana/kibana-6.3.2-linux-x86_64.tar.gz_1 HTTP/1.1" 200 8489 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/frederick-w-leslie", "request" : "/kibana/kibana-6.3.2-linux-x86_64.tar.gz", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2020-11-22T06:06:42.742Z", "url" : "https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-linux-x86_64.tar.gz_1", "utc_time" : "2020-11-22T06:06:42.742Z" }, "highlight" : { "message" : [ "159.64.35.129 - - [2018-07-22T06:06:42.742Z] \"GET /<em>kibana</em>/<em>kibana</em>-6.3.2-linux-x86_64.tar.gz_1 HTTP/1.1", """" 200 8489 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 <em>Firefox</em>/6.0a1"""" ] } } ] } }
- Wrap the highlighted results in "{{" and "}}"
POST kibana_sample_data_logs/_search
{
  "size": 1,
  "query": {
    "bool": {
      "should": [
        { "match": { "message": "Firefox" } },
        { "match": { "message": "Kibana" } }
      ]
    }
  },
  "highlight": {
    "fields": {
      "message": {
        "pre_tags": "{{",
        "post_tags": "}}"
      }
    }
  }
}
- Return value
{ "took" : 8, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 6336, "relation" : "eq" }, "max_score" : 3.9088674, "hits" : [ { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "F7_2FnYBblECTPDiz0DL", "_score" : 3.9088674, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1", "bytes" : 8489, "clientip" : "159.64.35.129", "extension" : "gz", "geo" : { "srcdest" : "ET:BG", "src" : "ET", "dest" : "BG", "coordinates" : { "lat" : 28.03925, "lon" : -97.54244444 } }, "host" : "artifacts.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "159.64.35.129", "machine" : { "ram" : 16106127360, "os" : "win xp" }, "memory" : null, "message" : """159.64.35.129 - - [2018-07-22T06:06:42.742Z] "GET /kibana/kibana-6.3.2-linux-x86_64.tar.gz_1 HTTP/1.1" 200 8489 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/frederick-w-leslie", "request" : "/kibana/kibana-6.3.2-linux-x86_64.tar.gz", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2020-11-22T06:06:42.742Z", "url" : "https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-linux-x86_64.tar.gz_1", "utc_time" : "2020-11-22T06:06:42.742Z" }, "highlight" : { "message" : [ "159.64.35.129 - - [2018-07-22T06:06:42.742Z] \"GET /{{kibana}}/{{kibana}}-6.3.2-linux-x86_64.tar.gz_1 HTTP/1.1", """" 200 8489 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 {{Firefox}}/6.0a1"""" ] } } ] } }
Question 3, explanation of problem solution
- This question mainly covers highlight and the highlight-related parameters
- Reference link
- Page path: Search APIs => Request Body Search => Highlighting
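An added example (not from the original page) of consuming the "{{" / "}}" highlights in Python. The message field holds client-supplied text such as the user agent, so the fragment is HTML-escaped before the markers are turned into markup. The function names and the second sample hit are constructed assumptions; the first fragment and its _id are taken from the response above.

```python
import html
import re

# Same markers as "pre_tags" / "post_tags" in the highlight query above.
PRE_TAG, POST_TAG = "{{", "}}"
MARKED = re.compile(re.escape(PRE_TAG) + r"(.+?)" + re.escape(POST_TAG), re.S)


def highlighted_terms(fragment: str) -> list:
    """Return the terms the highlighter wrapped in the markers."""
    return MARKED.findall(fragment)


def render_fragment(fragment: str) -> str:
    """Escape the whole fragment first, then turn the markers into <mark>.

    html.escape leaves "{{" and "}}" untouched, so the markers survive the
    escaping step while any markup inside the log line is neutralised.
    """
    escaped = html.escape(fragment, quote=True)
    return MARKED.sub(r"<mark>\1</mark>", escaped)


def render_hits(response: dict, field: str = "message") -> dict:
    """Map each hit's _id to its HTML-safe highlight fragments."""
    rendered = {}
    for hit in response["hits"]["hits"]:
        fragments = hit.get("highlight", {}).get(field, [])
        rendered[hit["_id"]] = [render_fragment(f) for f in fragments]
    return rendered


# Trimmed response: the first hit reuses a fragment from the page, the second
# hit is constructed to show a user agent that carries markup.
SAMPLE_RESPONSE = {
    "hits": {
        "hits": [
            {
                "_id": "F7_2FnYBblECTPDiz0DL",
                "highlight": {
                    "message": [
                        '159.64.35.129 - - [2018-07-22T06:06:42.742Z] '
                        '"GET /{{kibana}}/{{kibana}}-6.3.2-linux-x86_64.tar.gz_1 HTTP/1.1'
                    ]
                },
            },
            {
                "_id": "constructed-1",
                "highlight": {
                    "message": ['"-" "<script>x()</script> {{Firefox}}/6.0a1"']
                },
            },
            {"_id": "constructed-2"},  # a hit with no highlight section
        ]
    }
}

if __name__ == "__main__":
    for doc_id, fragments in render_hits(SAMPLE_RESPONSE).items():
        print(doc_id, fragments)
```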
Question 4, phrase query and sorting
- Search for documents with the message field containing the phrase "HTTP/1.1 200 51"
- Search for documents with the message field containing the phrase "HTTP/1.1 200 51", and sort the results by the machine.os field in descending order
- As above, but also sort the results by the timestamp field in ascending order
- Run the next queries on the kibana_sample_data_ecommerce index
- Search for documents with the day_of_week field containing the string "Monday"
- As above, but sort the results by the products.base_price field in descending order, picking the lowest value of the array
Question 4, solution
- Phrase search
POST kibana_sample_data_logs/_search
{
  "query": { "match_phrase": { "message": "HTTP/1.1 200 51" } }
}
- Return value
{ "took" : 2, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : 4.335473, "hits" : [ { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "q7_2FnYBblECTPDi9YIW", "_score" : 4.335473, "_source" : { "agent" : "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)", "bytes" : 51, "clientip" : "158.238.118.139", "extension" : "", "geo" : { "srcdest" : "ES:DZ", "src" : "ES", "dest" : "DZ", "coordinates" : { "lat" : 47.3582025, "lon" : -118.6733264 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "158.238.118.139", "machine" : { "ram" : 10737418240, "os" : "win 7" }, "memory" : null, "message" : """158.238.118.139 - - [2018-09-13T12:36:05.476Z] "GET /security-analytics HTTP/1.1" 200 51 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/luca-parmitano", "request" : "/security-analytics", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2021-01-14T12:36:05.476Z", "url" : "https://www.elastic.co/solutions/security-analytics", "utc_time" : "2021-01-14T12:36:05.476Z" } }, { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "Xr_2FnYBblECTPDi832_", "_score" : 4.2687926, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24", "bytes" : 51, "clientip" : "226.241.242.182", "extension" : "", "geo" : { "srcdest" : "IQ:CN", "src" : "IQ", "dest" : "CN", "coordinates" : { "lat" : 37.76312194, "lon" : -99.96542389 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "226.241.242.182", "machine" : { "ram" : 9663676416, "os" : "win 7" }, "memory" : null, "message" : """226.241.242.182 - - [2018-09-08T15:22:31.285Z] "GET /logging HTTP/1.1" 200 51 "-" "Mozilla/5.0 (X11; Linux 
i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/douglas-wheelock", "request" : "/logging", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2021-01-09T15:22:31.285Z", "url" : "https://www.elastic.co/solutions/logging", "utc_time" : "2021-01-09T15:22:31.285Z" } }, { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "xL_2FnYBblECTPDi833B", "_score" : 4.2687926, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24", "bytes" : 51, "clientip" : "243.236.31.15", "extension" : "", "geo" : { "srcdest" : "IN:TH", "src" : "IN", "dest" : "TH", "coordinates" : { "lat" : 37.74532639, "lon" : -111.5701653 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "243.236.31.15", "machine" : { "ram" : 7516192768, "os" : "win xp" }, "memory" : null, "message" : """243.236.31.15 - - [2018-09-08T11:29:16.093Z] "GET /logging HTTP/1.1" 200 51 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/michael-foale", "request" : "/logging", "response" : 200, "tags" : [ "success", "security" ], "timestamp" : "2021-01-09T11:29:16.093Z", "url" : "https://www.elastic.co/solutions/logging", "utc_time" : "2021-01-09T11:29:16.093Z" } } ] } }
- Add machine.os in descending order
POST kibana_sample_data_logs/_search
{
  "query": { "match_phrase": { "message": "HTTP/1.1 200 51" } },
  "sort": { "machine.os": "desc" }
}
- Return error
{ "error": { "root_cause": [ { "type": "illegal_argument_exception", "reason": "Fielddata is disabled on text fields by default. Set fielddata=true on [machine.os] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead." } ], "type": "search_phase_execution_exception", "reason": "all shards failed", "phase": "query", "grouped": true, "failed_shards": [ { "shard": 0, "index": "kibana_sample_data_logs", "node": "cHK2nQePQo-HoCqwRf97Eg", "reason": { "type": "illegal_argument_exception", "reason": "Fielddata is disabled on text fields by default. Set fielddata=true on [machine.os] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead." } } ], "caused_by": { "type": "illegal_argument_exception", "reason": "Fielddata is disabled on text fields by default. Set fielddata=true on [machine.os] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.", "caused_by": { "type": "illegal_argument_exception", "reason": "Fielddata is disabled on text fields by default. Set fielddata=true on [machine.os] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead." } } }, "status": 400 }
- Sort on the machine.os.keyword field instead, as the error message suggests
POST kibana_sample_data_logs/_search
{
  "query": { "match_phrase": { "message": "HTTP/1.1 200 51" } },
  "sort": { "machine.os.keyword": "desc" }
}
- Return value
{ "took" : 2, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : null, "hits" : [ { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "xL_2FnYBblECTPDi833B", "_score" : null, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24", "bytes" : 51, "clientip" : "243.236.31.15", "extension" : "", "geo" : { "srcdest" : "IN:TH", "src" : "IN", "dest" : "TH", "coordinates" : { "lat" : 37.74532639, "lon" : -111.5701653 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "243.236.31.15", "machine" : { "ram" : 7516192768, "os" : "win xp" }, "memory" : null, "message" : """243.236.31.15 - - [2018-09-08T11:29:16.093Z] "GET /logging HTTP/1.1" 200 51 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/michael-foale", "request" : "/logging", "response" : 200, "tags" : [ "success", "security" ], "timestamp" : "2021-01-09T11:29:16.093Z", "url" : "https://www.elastic.co/solutions/logging", "utc_time" : "2021-01-09T11:29:16.093Z" }, "sort" : [ "win xp" ] }, { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "Xr_2FnYBblECTPDi832_", "_score" : null, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24", "bytes" : 51, "clientip" : "226.241.242.182", "extension" : "", "geo" : { "srcdest" : "IQ:CN", "src" : "IQ", "dest" : "CN", "coordinates" : { "lat" : 37.76312194, "lon" : -99.96542389 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "226.241.242.182", "machine" : { "ram" : 9663676416, "os" : "win 7" }, "memory" : null, "message" : """226.241.242.182 - - [2018-09-08T15:22:31.285Z] "GET /logging HTTP/1.1" 200 51 "-" 
"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/douglas-wheelock", "request" : "/logging", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2021-01-09T15:22:31.285Z", "url" : "https://www.elastic.co/solutions/logging", "utc_time" : "2021-01-09T15:22:31.285Z" }, "sort" : [ "win 7" ] }, { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "q7_2FnYBblECTPDi9YIW", "_score" : null, "_source" : { "agent" : "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)", "bytes" : 51, "clientip" : "158.238.118.139", "extension" : "", "geo" : { "srcdest" : "ES:DZ", "src" : "ES", "dest" : "DZ", "coordinates" : { "lat" : 47.3582025, "lon" : -118.6733264 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "158.238.118.139", "machine" : { "ram" : 10737418240, "os" : "win 7" }, "memory" : null, "message" : """158.238.118.139 - - [2018-09-13T12:36:05.476Z] "GET /security-analytics HTTP/1.1" 200 51 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/luca-parmitano", "request" : "/security-analytics", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2021-01-14T12:36:05.476Z", "url" : "https://www.elastic.co/solutions/security-analytics", "utc_time" : "2021-01-14T12:36:05.476Z" }, "sort" : [ "win 7" ] } ] } }
- Add timestamp in ascending order
POST kibana_sample_data_logs/_search
{
  "query": { "match_phrase": { "message": "HTTP/1.1 200 51" } },
  "sort": [
    { "machine.os.keyword": "desc" },
    { "timestamp": "asc" }
  ]
}
- Return value
{ "took" : 6, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 3, "relation" : "eq" }, "max_score" : null, "hits" : [ { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "xL_2FnYBblECTPDi833B", "_score" : null, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24", "bytes" : 51, "clientip" : "243.236.31.15", "extension" : "", "geo" : { "srcdest" : "IN:TH", "src" : "IN", "dest" : "TH", "coordinates" : { "lat" : 37.74532639, "lon" : -111.5701653 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "243.236.31.15", "machine" : { "ram" : 7516192768, "os" : "win xp" }, "memory" : null, "message" : """243.236.31.15 - - [2018-09-08T11:29:16.093Z] "GET /logging HTTP/1.1" 200 51 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/michael-foale", "request" : "/logging", "response" : 200, "tags" : [ "success", "security" ], "timestamp" : "2021-01-09T11:29:16.093Z", "url" : "https://www.elastic.co/solutions/logging", "utc_time" : "2021-01-09T11:29:16.093Z" }, "sort" : [ "win xp", 1610191756093 ] }, { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "Xr_2FnYBblECTPDi832_", "_score" : null, "_source" : { "agent" : "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24", "bytes" : 51, "clientip" : "226.241.242.182", "extension" : "", "geo" : { "srcdest" : "IQ:CN", "src" : "IQ", "dest" : "CN", "coordinates" : { "lat" : 37.76312194, "lon" : -99.96542389 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "226.241.242.182", "machine" : { "ram" : 9663676416, "os" : "win 7" }, "memory" : null, "message" : """226.241.242.182 - - [2018-09-08T15:22:31.285Z] "GET /logging 
HTTP/1.1" 200 51 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/douglas-wheelock", "request" : "/logging", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2021-01-09T15:22:31.285Z", "url" : "https://www.elastic.co/solutions/logging", "utc_time" : "2021-01-09T15:22:31.285Z" }, "sort" : [ "win 7", 1610205751285 ] }, { "_index" : "kibana_sample_data_logs", "_type" : "_doc", "_id" : "q7_2FnYBblECTPDi9YIW", "_score" : null, "_source" : { "agent" : "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)", "bytes" : 51, "clientip" : "158.238.118.139", "extension" : "", "geo" : { "srcdest" : "ES:DZ", "src" : "ES", "dest" : "DZ", "coordinates" : { "lat" : 47.3582025, "lon" : -118.6733264 } }, "host" : "www.elastic.co", "index" : "kibana_sample_data_logs", "ip" : "158.238.118.139", "machine" : { "ram" : 10737418240, "os" : "win 7" }, "memory" : null, "message" : """158.238.118.139 - - [2018-09-13T12:36:05.476Z] "GET /security-analytics HTTP/1.1" 200 51 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"""", "phpmemory" : null, "referer" : "http://www.elastic-elastic-elastic.com/success/luca-parmitano", "request" : "/security-analytics", "response" : 200, "tags" : [ "success", "info" ], "timestamp" : "2021-01-14T12:36:05.476Z", "url" : "https://www.elastic.co/solutions/security-analytics", "utc_time" : "2021-01-14T12:36:05.476Z" }, "sort" : [ "win 7", 1610627765476 ] } ] } }
- Search kibana_sample_data_ecommerce
POST kibana_sample_data_ecommerce/_search
{
  "query": { "match": { "day_of_week": "Monday" } }
}
- Return value
{ "took" : 1, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 579, "relation" : "eq" }, "max_score" : 2.0880327, "hits" : [ { "_index" : "kibana_sample_data_ecommerce", "_type" : "_doc", "_id" : "_7_2FnYBblECTPDi0UGN", "_score" : 2.0880327, "_source" : { "category" : [ "Men's Clothing" ], "currency" : "EUR", "customer_first_name" : "Eddie", "customer_full_name" : "Eddie Underwood", "customer_gender" : "MALE", "customer_id" : 38, "customer_last_name" : "Underwood", "customer_phone" : "", "day_of_week" : "Monday", "day_of_week_i" : 0, "email" : "eddie@underwood-family.zzz", "manufacturer" : [ "Elitelligence", "Oceanavigations" ], "order_date" : "2020-12-14T09:28:48+00:00", "order_id" : 584677, "products" : [ { "base_price" : 11.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Elitelligence", "tax_amount" : 0, "product_id" : 6283, "category" : "Men's Clothing", "sku" : "ZO0549605496", "taxless_price" : 11.99, "unit_discount_amount" : 0, "min_price" : 6.35, "_id" : "sold_product_584677_6283", "discount_amount" : 0, "created_on" : "2016-12-26T09:28:48+00:00", "product_name" : "Basic T-shirt - dark blue/white", "price" : 11.99, "taxful_price" : 11.99, "base_unit_price" : 11.99 }, { "base_price" : 24.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Oceanavigations", "tax_amount" : 0, "product_id" : 19400, "category" : "Men's Clothing", "sku" : "ZO0299602996", "taxless_price" : 24.99, "unit_discount_amount" : 0, "min_price" : 11.75, "_id" : "sold_product_584677_19400", "discount_amount" : 0, "created_on" : "2016-12-26T09:28:48+00:00", "product_name" : "Sweatshirt - grey multicolor", "price" : 24.99, "taxful_price" : 24.99, "base_unit_price" : 24.99 } ], "sku" : [ "ZO0549605496", "ZO0299602996" ], "taxful_total_price" : 36.98, "taxless_total_price" : 36.98, "total_quantity" : 2, "total_unique_products" : 2, "type" : "order", "user" : "eddie", "geoip" : { 
"country_iso_code" : "EG", "location" : { "lon" : 31.3, "lat" : 30.1 }, "region_name" : "Cairo Governorate", "continent_name" : "Africa", "city_name" : "Cairo" } } }, { "_index" : "kibana_sample_data_ecommerce", "_type" : "_doc", "_id" : "A7_2FnYBblECTPDi0UKO", "_score" : 2.0880327, "_source" : { "category" : [ "Men's Clothing", "Men's Accessories" ], "currency" : "EUR", "customer_first_name" : "Eddie", "customer_full_name" : "Eddie Weber", "customer_gender" : "MALE", "customer_id" : 38, "customer_last_name" : "Weber", "customer_phone" : "", "day_of_week" : "Monday", "day_of_week_i" : 0, "email" : "eddie@weber-family.zzz", "manufacturer" : [ "Elitelligence" ], "order_date" : "2020-12-07T03:48:58+00:00", "order_id" : 574916, "products" : [ { "base_price" : 59.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Elitelligence", "tax_amount" : 0, "product_id" : 11262, "category" : "Men's Clothing", "sku" : "ZO0542505425", "taxless_price" : 59.99, "unit_discount_amount" : 0, "min_price" : 28.2, "_id" : "sold_product_574916_11262", "discount_amount" : 0, "created_on" : "2016-12-19T03:48:58+00:00", "product_name" : "Winter jacket - black", "price" : 59.99, "taxful_price" : 59.99, "base_unit_price" : 59.99 }, { "base_price" : 20.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Elitelligence", "tax_amount" : 0, "product_id" : 15713, "category" : "Men's Accessories", "sku" : "ZO0601306013", "taxless_price" : 20.99, "unit_discount_amount" : 0, "min_price" : 10.7, "_id" : "sold_product_574916_15713", "discount_amount" : 0, "created_on" : "2016-12-19T03:48:58+00:00", "product_name" : "Watch - green", "price" : 20.99, "taxful_price" : 20.99, "base_unit_price" : 20.99 } ], "sku" : [ "ZO0542505425", "ZO0601306013" ], "taxful_total_price" : 80.98, "taxless_total_price" : 80.98, "total_quantity" : 2, "total_unique_products" : 2, "type" : "order", "user" : "eddie", "geoip" : { "country_iso_code" : "EG", "location" : { "lon" : 31.3, "lat" : 30.1 }, 
"region_name" : "Cairo Governorate", "continent_name" : "Africa", "city_name" : "Cairo" } } }, { "_index" : "kibana_sample_data_ecommerce", "_type" : "_doc", "_id" : "Bb_2FnYBblECTPDi0UKO", "_score" : 2.0880327, "_source" : { "category" : [ "Men's Clothing" ], "currency" : "EUR", "customer_first_name" : "Oliver", "customer_full_name" : "Oliver Rios", "customer_gender" : "MALE", "customer_id" : 7, "customer_last_name" : "Rios", "customer_phone" : "", "day_of_week" : "Monday", "day_of_week_i" : 0, "email" : "oliver@rios-family.zzz", "manufacturer" : [ "Low Tide Media", "Elitelligence" ], "order_date" : "2020-11-30T09:27:22+00:00", "order_id" : 565855, "products" : [ { "base_price" : 20.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Low Tide Media", "tax_amount" : 0, "product_id" : 19919, "category" : "Men's Clothing", "sku" : "ZO0417504175", "taxless_price" : 20.99, "unit_discount_amount" : 0, "min_price" : 9.87, "_id" : "sold_product_565855_19919", "discount_amount" : 0, "created_on" : "2016-12-12T09:27:22+00:00", "product_name" : "Shirt - dark blue white", "price" : 20.99, "taxful_price" : 20.99, "base_unit_price" : 20.99 }, { "base_price" : 24.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Elitelligence", "tax_amount" : 0, "product_id" : 24502, "category" : "Men's Clothing", "sku" : "ZO0535205352", "taxless_price" : 24.99, "unit_discount_amount" : 0, "min_price" : 12.49, "_id" : "sold_product_565855_24502", "discount_amount" : 0, "created_on" : "2016-12-12T09:27:22+00:00", "product_name" : "Slim fit jeans - raw blue", "price" : 24.99, "taxful_price" : 24.99, "base_unit_price" : 24.99 } ], "sku" : [ "ZO0417504175", "ZO0535205352" ], "taxful_total_price" : 45.98, "taxless_total_price" : 45.98, "total_quantity" : 2, "total_unique_products" : 2, "type" : "order", "user" : "oliver", "geoip" : { "country_iso_code" : "GB", "location" : { "lon" : -0.1, "lat" : 51.5 }, "continent_name" : "Europe" } } } ] } }
- Sort in descending order by the minimum value of the products.base_price array field
POST kibana_sample_data_ecommerce/_search
{
  "query": { "match": { "day_of_week": "Monday" } },
  "sort": { "products.base_price": { "order": "desc", "mode": "min" } }
}
- Return value
{ "took" : 160, "timed_out" : false, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 579, "relation" : "eq" }, "max_score" : null, "hits" : [ { "_index" : "kibana_sample_data_ecommerce", "_type" : "_doc", "_id" : "H7_2FnYBblECTPDi2033", "_score" : null, "_source" : { "category" : [ "Men's Clothing" ], "currency" : "EUR", "customer_first_name" : "Wagdi", "customer_full_name" : "Wagdi Shaw", "customer_gender" : "MALE", "customer_id" : 15, "customer_last_name" : "Shaw", "customer_phone" : "", "day_of_week" : "Monday", "day_of_week_i" : 0, "email" : "wagdi@shaw-family.zzz", "manufacturer" : [ "Oceanavigations" ], "order_date" : "2020-11-23T06:16:12+00:00", "order_id" : 739290, "products" : [ { "base_price" : 1079.98, "discount_percentage" : 0, "quantity" : 2, "manufacturer" : "Oceanavigations", "tax_amount" : 0, "product_id" : 2669, "category" : "Men's Clothing", "sku" : "ZO0288302883", "taxless_price" : 1079.98, "unit_discount_amount" : 0, "min_price" : 259.2, "_id" : "sold_product_739290_2669", "discount_amount" : 0, "created_on" : "2016-12-05T06:16:12+00:00", "product_name" : "Leather jacket - black", "price" : 1079.98, "taxful_price" : 1079.98, "base_unit_price" : 539.99 }, { "base_price" : 419.98, "discount_percentage" : 0, "quantity" : 2, "manufacturer" : "Oceanavigations", "tax_amount" : 0, "product_id" : 16673, "category" : "Men's Clothing", "sku" : "ZO0274002740", "taxless_price" : 419.98, "unit_discount_amount" : 0, "min_price" : 113.39, "_id" : "sold_product_739290_16673", "discount_amount" : 0, "created_on" : "2016-12-05T06:16:12+00:00", "product_name" : "Suit - dark grey", "price" : 419.98, "taxful_price" : 419.98, "base_unit_price" : 209.99 }, { "base_price" : 399.98, "discount_percentage" : 0, "quantity" : 2, "manufacturer" : "Oceanavigations", "tax_amount" : 0, "product_id" : 14843, "category" : "Men's Clothing", "sku" : "ZO0291502915", "taxless_price" : 399.98, "unit_discount_amount" : 0, 
"min_price" : 90, "_id" : "sold_product_739290_14843", "discount_amount" : 0, "created_on" : "2016-12-05T06:16:12+00:00", "product_name" : "Classic coat - camel multicolor", "price" : 399.98, "taxful_price" : 399.98, "base_unit_price" : 199.99 }, { "base_price" : 349.98, "discount_percentage" : 0, "quantity" : 2, "manufacturer" : "Oceanavigations", "tax_amount" : 0, "product_id" : 24351, "category" : "Men's Clothing", "sku" : "ZO0288702887", "taxless_price" : 349.98, "unit_discount_amount" : 0, "min_price" : 82.25, "_id" : "sold_product_739290_24351", "discount_amount" : 0, "created_on" : "2016-12-05T06:16:12+00:00", "product_name" : "Down coat - black", "price" : 349.98, "taxful_price" : 349.98, "base_unit_price" : 174.99 } ], "sku" : [ "ZO0288302883", "ZO0288702887", "ZO0274002740", "ZO0291502915" ], "taxful_total_price" : 2249.92, "taxless_total_price" : 2249.92, "total_quantity" : 8, "total_unique_products" : 4, "type" : "order", "user" : "wagdi", "geoip" : { "country_iso_code" : "SA", "location" : { "lon" : 45, "lat" : 25 }, "continent_name" : "Asia" } }, "sort" : [ 350.0 ] }, { "_index" : "kibana_sample_data_ecommerce", "_type" : "_doc", "_id" : "_r_2FnYBblECTPDi4FI2", "_score" : null, "_source" : { "category" : [ "Women's Shoes", "Women's Clothing" ], "currency" : "EUR", "customer_first_name" : "Elyssa", "customer_full_name" : "Elyssa Davidson", "customer_gender" : "FEMALE", "customer_id" : 27, "customer_last_name" : "Davidson", "customer_phone" : "", "day_of_week" : "Monday", "day_of_week_i" : 0, "email" : "elyssa@davidson-family.zzz", "manufacturer" : [ "Gnomehouse" ], "order_date" : "2020-12-07T02:19:41+00:00", "order_id" : 574828, "products" : [ { "base_price" : 74.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Gnomehouse", "tax_amount" : 0, "product_id" : 14417, "category" : "Women's Shoes", "sku" : "ZO0324903249", "taxless_price" : 74.99, "unit_discount_amount" : 0, "min_price" : 40.49, "_id" : "sold_product_574828_14417", 
"discount_amount" : 0, "created_on" : "2016-12-19T02:19:41+00:00", "product_name" : "Lace-up boots - camel", "price" : 74.99, "taxful_price" : 74.99, "base_unit_price" : 74.99 }, { "base_price" : 99.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Gnomehouse", "tax_amount" : 0, "product_id" : 19888, "category" : "Women's Clothing", "sku" : "ZO0354103541", "taxless_price" : 99.99, "unit_discount_amount" : 0, "min_price" : 50.99, "_id" : "sold_product_574828_19888", "discount_amount" : 0, "created_on" : "2016-12-19T02:19:41+00:00", "product_name" : "Classic coat - camel", "price" : 99.99, "taxful_price" : 99.99, "base_unit_price" : 99.99 } ], "sku" : [ "ZO0324903249", "ZO0354103541" ], "taxful_total_price" : 174.98, "taxless_total_price" : 174.98, "total_quantity" : 2, "total_unique_products" : 2, "type" : "order", "user" : "elyssa", "geoip" : { "country_iso_code" : "US", "location" : { "lon" : -74, "lat" : 40.8 }, "region_name" : "New York", "continent_name" : "North America", "city_name" : "New York" } }, "sort" : [ 75.0 ] }, { "_index" : "kibana_sample_data_ecommerce", "_type" : "_doc", "_id" : "xr_2FnYBblECTPDi0UOY", "_score" : null, "_source" : { "category" : [ "Women's Shoes" ], "currency" : "EUR", "customer_first_name" : "Abigail", "customer_full_name" : "Abigail Phelps", "customer_gender" : "FEMALE", "customer_id" : 46, "customer_last_name" : "Phelps", "customer_phone" : "", "day_of_week" : "Monday", "day_of_week_i" : 0, "email" : "abigail@phelps-family.zzz", "manufacturer" : [ "Gnomehouse", "Karmanite" ], "order_date" : "2020-11-30T15:18:43+00:00", "order_id" : 566170, "products" : [ { "base_price" : 64.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Gnomehouse", "tax_amount" : 0, "product_id" : 7278, "category" : "Women's Shoes", "sku" : "ZO0324803248", "taxless_price" : 64.99, "unit_discount_amount" : 0, "min_price" : 31.85, "_id" : "sold_product_566170_7278", "discount_amount" : 0, "created_on" : 
"2016-12-12T15:18:43+00:00", "product_name" : "Boots - navy", "price" : 64.99, "taxful_price" : 64.99, "base_unit_price" : 64.99 }, { "base_price" : 84.99, "discount_percentage" : 0, "quantity" : 1, "manufacturer" : "Karmanite", "tax_amount" : 0, "product_id" : 5214, "category" : "Women's Shoes", "sku" : "ZO0703907039", "taxless_price" : 84.99, "unit_discount_amount" : 0, "min_price" : 43.34, "_id" : "sold_product_566170_5214", "discount_amount" : 0, "created_on" : "2016-12-12T15:18:43+00:00", "product_name" : "Ankle boots - wood", "price" : 84.99, "taxful_price" : 84.99, "base_unit_price" : 84.99 } ], "sku" : [ "ZO0324803248", "ZO0703907039" ], "taxful_total_price" : 149.98, "taxless_total_price" : 149.98, "total_quantity" : 2, "total_unique_products" : 2, "type" : "order", "user" : "abigail", "geoip" : { "country_iso_code" : "GB", "location" : { "lon" : -1.9, "lat" : 52.5 }, "region_name" : "Birmingham", "continent_name" : "Europe", "city_name" : "Birmingham" } }, "sort" : [ 65.0 ] } ] } }
Question 4: explanation of the solution
- This question mainly tests phrase queries and single-field / multi-field sorting
- A phrase query here means match_phrase, a search that enforces the order of the search terms. match returns a document as soon as any one of the query's terms (the tokens produced by analysis) hits; match_phrase returns a document only when the query's terms all hit, in order.
- In the following comparison test, the number of documents hit by match and by match_phrase differs greatly
POST kibana_sample_data_logs/_count
{
  "query": { "match": { "message": "HTTP/1.1 200 51" } }
}
- Return value
{ "count" : 14074, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 } }
POST kibana_sample_data_logs/_count
{
  "query": { "match_phrase": { "message": "HTTP/1.1 200 51" } }
}
- Return value
{ "count" : 3, "_shards" : { "total" : 1, "successful" : 1, "skipped" : 0, "failed" : 0 } }
- As in MySQL, sorting can be ascending or descending. Sorting on a single field or on a mix of several fields is supported; multiple fields take effect in the order they appear in the sort array
- Since every ES field can hold an array, sorting may have to handle array fields. sort therefore supports array sort modes such as maximum (max) and minimum (min)
- Reference links: match phrase, sort
- Page path - Match phrase: Query DSL => Full text queries => Match phrase
- Page path - Sort: Search APIs => Request Body Search => Sort
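The match / match_phrase comparison above, modelled in Python as an added example (not code from the original page). The `analyze` function is a simplified stand-in for the standard analyzer, the log lines are constructed, and the `operator` argument mirrors the match query's `operator` parameter.

```python
import re

# Constructed lines shaped like the "message" field of kibana_sample_data_logs.
LOGS = [
    '192.0.2.1 - - [2018-07-22T00:39:02.912Z] "GET /a.deb HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    '192.0.2.2 - - [2018-07-22T00:39:03.912Z] "GET /b.css HTTP/1.1" 200 5100 "-" "Mozilla/5.0"',
    '192.0.2.3 - - [2018-07-22T00:39:04.912Z] "GET /51 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [2018-07-22T00:39:05.912Z] "POST /login HTTP/1.1" 503 0 "-" "Mozilla/5.0"',
]

def analyze(text):
    """Simplified analyzer: lowercase, split on non-alphanumerics,
    keep dots between alphanumerics so "1.1" stays one token."""
    return re.findall(r"[a-z0-9]+(?:\.[a-z0-9]+)*", text.lower())

def match(doc, query, operator="or"):
    """match: a document hits if any (or) / all (and) query terms occur anywhere."""
    present = set(analyze(doc))
    hits = [term in present for term in analyze(query)]
    return all(hits) if operator == "and" else any(hits)

def match_phrase(doc, query):
    """match_phrase: the query terms must occur at consecutive positions, in order."""
    terms, tokens = analyze(query), analyze(doc)
    n = len(terms)
    return any(tokens[i:i + n] == terms for i in range(len(tokens) - n + 1))

def count(fn, query, **kwargs):
    """Equivalent of the _count requests above, over the constructed LOGS."""
    return sum(fn(doc, query, **kwargs) for doc in LOGS)

if __name__ == "__main__":
    q = "HTTP/1.1 200 51"
    print("terms        :", analyze(q))
    print("match (or)   :", count(match, q))
    print("match (and)  :", count(match, q, operator="and"))
    print("match_phrase :", count(match_phrase, q))
```

Every line contains the terms `http` and `1.1`, which is why the default match counts the whole index; the third line shows that even `operator: and` still accepts the terms out of order, which only match_phrase rules out.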
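The sort rules above (clauses applied in array order, and `mode` reducing an array field to one sort key) modelled in Python as an added example, not code from the original page. The orders are constructed, `es_sort` and `values` are hypothetical helper names, and every document is assumed to carry the sorted field.

```python
# Constructed orders, shaped like kibana_sample_data_ecommerce documents.
ORDERS = [
    {"id": "A", "customer_id": 15, "products": [{"base_price": p} for p in (1079.98, 419.98, 399.98, 349.98)]},
    {"id": "B", "customer_id": 27, "products": [{"base_price": p} for p in (74.99, 99.99)]},
    {"id": "C", "customer_id": 46, "products": [{"base_price": p} for p in (64.99, 84.99)]},
    {"id": "D", "customer_id": 38, "products": [{"base_price": p} for p in (11.99, 24.99)]},
    {"id": "E", "customer_id": 38, "products": [{"base_price": p} for p in (5.00, 500.00)]},
]

MODES = {"min": min, "max": max, "sum": sum, "avg": lambda v: sum(v) / len(v)}

def values(doc, path):
    """Collect every value found at a dotted path, descending through arrays."""
    nodes = [doc]
    for key in path.split("."):
        step = []
        for node in nodes:
            for item in (node if isinstance(node, list) else [node]):
                if isinstance(item, dict) and key in item:
                    step.append(item[key])
        nodes = step
    return [v for n in nodes for v in (n if isinstance(n, list) else [n])]

def es_sort(docs, sort):
    """Order docs by a list of {field: {"order": ..., "mode": ...}} clauses."""
    out = list(docs)
    # Stable sorts applied last clause first give the first clause priority.
    for clause in reversed(sort):
        (field, opts), = clause.items()
        desc = opts.get("order", "asc") == "desc"
        # Elasticsearch defaults: mode min for ascending, max for descending.
        pick = MODES[opts.get("mode", "max" if desc else "min")]
        # Assumes every document has at least one value for the field.
        out.sort(key=lambda d: pick(values(d, field)), reverse=desc)
    return out

def ids(docs):
    return [d["id"] for d in docs]

if __name__ == "__main__":
    by_min = [{"products.base_price": {"order": "desc", "mode": "min"}}]
    by_max = [{"products.base_price": {"order": "desc", "mode": "max"}}]
    multi = [{"customer_id": {"order": "asc"}}] + by_min
    for name, spec in (("min", by_min), ("max", by_max), ("multi", multi)):
        print(name, ids(es_sort(ORDERS, spec)))
```

Order E moves from last place under `mode: min` to second place under `mode: max`, and in the two-clause sort the price clause only breaks the tie between the two orders that share `customer_id` 38.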