by Anurag Srivastava, Aug 10, 2018, 7:14:40 PM | 5 minutes

Wildcard and Boolean Search in Elasticsearch

In my last blog, I explained the basic Elasticsearch queries with which we can create simple searches. In this blog, I will explain advanced search queries with which we can build more complex ones, such as boolean queries and wildcard queries. So let's start creating the search queries:

Wildcard Query:

Using wildcard queries we can search for items without knowing their exact spelling: even someone who does not know the exact spelling of a word can still find it. See the example below:

GET /blogs/technical/_search
{
  "query": {
    "wildcard": {
      "topic": "ki??na"
    }
  }
}

In the above query, we are looking for a word which starts with 'ki' and ends with 'na', with exactly two characters in between, each marked by a '?'. After executing this search we get the following result:

{
  "took": 5,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "blogs",
        "_type": "technical",
        "_id": "2",
        "_score": 1,
        "_source": {
          "topic": "introduction to Kibana"
        }
      }
    ]
  }
}

The result shows the topic "introduction to Kibana" because the wildcard pattern 'ki??na' matches this topic. In my previous Elasticsearch blogs I have explained the steps to index documents, so please refer to them if you want to know the basics of Elasticsearch. If we don't know the exact number of characters, we can run the following query:

GET /blogs/technical/_search
{
  "query": {
    "wildcard": {
      "topic": "k*na"
    }
  }
}

In the above query, we only know that the word starts with "k" and ends with "na"; we don't know the number of characters in between. If we don't even know the end of the word, we can type the starting characters followed by a '*', which fetches all words that start with the given characters irrespective of their length.
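As an added example (not code from the blog), the following Python reproduces Lucene's wildcard matching against the two documents the results above show, so the semantics can be checked without a cluster: the pattern is matched against the analyzed terms of the field, the pattern itself is not analyzed, and a leading '*' or '?' forces a scan of every term in the field, which is worth rejecting when patterns come from user input. DOCS, analyze and the function names are assumptions made here.

```python
import re

# Constructed sample documents, mirroring the two documents whose topics
# the blog's results show; they are not the blog's index itself.
DOCS = {
    "1": {"topic": "introduction to Elasticsearch", "category": "ELK"},
    "2": {"topic": "introduction to Kibana"},
}


def analyze(text):
    """Approximate the standard analyzer used for a text field: split on
    non-word characters and lowercase, so 'Kibana' is indexed as 'kibana'."""
    return re.findall(r"\w+", text.lower())


def wildcard_to_regex(pattern):
    """Translate a Lucene-style wildcard: '?' is exactly one character,
    '*' is any run of characters, everything else is literal."""
    body = "".join(
        "." if c == "?" else ".*" if c == "*" else re.escape(c) for c in pattern
    )
    return re.compile(body)


def wildcard_matches(pattern, field, doc):
    """The pattern is NOT analyzed and must cover a whole indexed term, not the
    original string: 'ki??na' matches the term 'kibana', 'Ki??na' matches nothing."""
    rx = wildcard_to_regex(pattern)
    return any(rx.fullmatch(term) for term in analyze(doc.get(field, "")))


def wildcard_search(pattern, field="topic"):
    """Return the ids of documents with a term in `field` matching `pattern`."""
    return sorted(i for i, d in DOCS.items() if wildcard_matches(pattern, field, d))


def has_leading_wildcard(pattern):
    """A pattern that starts with '*' or '?' cannot be narrowed by prefix and
    forces a scan of every term in the field, which is why user-supplied
    patterns should be checked before they reach the cluster (added check)."""
    return pattern[:1] in ("*", "?")


if __name__ == "__main__":
    for p in ("ki??na", "k*na", "Ki??na", "intro*", "*na"):
        flag = " (leading wildcard, expensive)" if has_leading_wildcard(p) else ""
        print(f"{p!r:10} -> {wildcard_search(p)}{flag}")
```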

Boolean Query:

The boolean query is used to search for results by joining conditions with 'or', 'and' and 'not'. For example, two conditions can be joined with any of them:

"name": "anurag"  and "age": "30"
"name": "anurag"  or "name": "kapil"

The above examples are just a representation and not actual Elasticsearch queries. Now let's understand how we can achieve the same type of conditions in Elasticsearch. See the example below:

GET /blogs/technical/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "_type": "technical"
          }
        }
      ],
      "must_not": [
        {
          "match": {
            "topic": "kibana"
          }
        }
      ]
    }
  }
}

In the above query, I am applying the boolean query by passing the "bool" key after the "query" keyword, and under the "bool" block I have provided two blocks, "must" and "must_not". These two blocks have opposite meanings: "must" ensures that the condition inside the block holds, while "must_not" ensures that the condition inside the block does not hold. Under the "must" block I have added a "match" block to match the "_type" key with the value "technical", and under "must_not" I have added a "match" block to match the "topic" with "kibana".

So what will happen? For the above query, Elasticsearch will exclude all documents whose topic matches "Kibana" and include those whose "_type" key matches the value "technical". The above query returns the following result:

{
  "took": 3,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "blogs",
        "_type": "technical",
        "_id": "1",
        "_score": 1,
        "_source": {
          "topic": "introduction to Elasticsearch",
          "category": "ELK"
        }
      }
    ]
  }
}

In the above result, we have found the document with "_type" as "technical" and "topic" as "introduction to Elasticsearch", and there is no "Kibana" in it. Take one more example:

GET /blogs/technical/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "_type": "technical"
          }
        },
        {
          "match": {
            "topic": "kibana"
          }
        }
      ]
    }
  }
}

In the above query, we are matching "_type" as "technical" and "topic" as "kibana" under a "must" condition, so it will return only the documents where both of these conditions match. Take one more example:

GET /blogs/technical/_search
{
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "_type": "technical"
          }
        },
        {
          "match": {
            "topic": "kibana"
          }
        }
      ]
    }
  }
}

In the above query, I have replaced "must" with "should", so now the query will list all documents where "_type" matches "technical" or "topic" matches "kibana". So here we get both documents, the one with the Kibana topic and the one with the Elasticsearch topic. If I replace the "should" keyword with "must_not", it will exclude both conditions and we will not get a single document.
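To check the must / must_not / should semantics of the four bool queries above without a running cluster, here is an added Python evaluator (not code from the blog) that runs them against the two documents the results show; it supports only the match clause the post uses, and DOCS and the function names are its own assumptions.

```python
import re

# Constructed sample documents mirroring the blog's two results, each with the
# _type the queries match on (this is not the blog's own index).
DOCS = {
    "1": {"_type": "technical", "topic": "introduction to Elasticsearch", "category": "ELK"},
    "2": {"_type": "technical", "topic": "introduction to Kibana"},
}

def analyze(text):
    # Approximate the standard analyzer: split on non-word chars, lowercase.
    return re.findall(r"\w+", text.lower())

def match_clause(field, query, doc):
    """A match query analyzes the query text too; with the default OR operator
    it matches when any query term occurs in the field's terms."""
    terms = analyze(doc.get(field, ""))
    return any(t in terms for t in analyze(query))

def clause_matches(clause, doc):
    """Only the 'match' clause used in the post is supported here."""
    (kind, body), = clause.items()
    if kind != "match":
        raise ValueError(f"unsupported clause type: {kind}")
    (field, query), = body.items()
    return match_clause(field, query, doc)

def bool_matches(b, doc):
    """must: every clause matches; must_not: no clause matches; should: at
    least one matches, but only when no must clause is present (with a must,
    should defaults to minimum_should_match 0 and only affects scoring)."""
    if not all(clause_matches(c, doc) for c in b.get("must", [])):
        return False
    if any(clause_matches(c, doc) for c in b.get("must_not", [])):
        return False
    should = b.get("should", [])
    if should and not b.get("must") and not any(clause_matches(c, doc) for c in should):
        return False
    return True

def search(body):
    """Return the ids of DOCS matching a {"query": {"bool": ...}} request body."""
    return sorted(i for i, d in DOCS.items() if bool_matches(body["query"]["bool"], d))
TECHNICAL = {"match": {"_type": "technical"}}
KIBANA = {"match": {"topic": "kibana"}}
Q_EXCLUDE_KIBANA = {"query": {"bool": {"must": [TECHNICAL], "must_not": [KIBANA]}}}
Q_BOTH = {"query": {"bool": {"must": [TECHNICAL, KIBANA]}}}
Q_EITHER = {"query": {"bool": {"should": [TECHNICAL, KIBANA]}}}
Q_NEITHER = {"query": {"bool": {"must_not": [TECHNICAL, KIBANA]}}}
```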

In this blog, I have tried to explain the wildcard query and the boolean query of Elasticsearch.
