my bool query_string Query condition error(version 7.2)
Elasticsearch | 作者 knownsec | 发布于2019年11月18日 | 阅读数:1390
Function request:I need to retrieve the content from two index tables in full-text, and need to support and, or exclusion and other simple symbols. There are nested type fields in a table, and some fields need to be excluded. None of them.
First, I use query string to query:
{
query: {
bool: {
must_not: [
{
term: { available: false },
},
],
must: {
bool: {
should: [
{
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
},
},
],
},
},
},
},
highlight: {
order: 'score',
fragment_size: '80',
number_of_fragments: 1,
pre_tags: ['<mark class="highlight_color">'],
post_tags: ['</mark>'],
fields: {
'*': {},
},
},
};
Good times are not long. If you encounter the content in the nested field, you will not be able to retrieve the content. But I am very happy that the contents of both index tables can be retrieved.
In order to solve the problem that the query string of full-text retrieval can retrieve nested, I looked up a lot of content and finally achieved what I wanted. Later, I changed the condition query。
{
query: {
bool: {
must_not: [
{
term: { available: false },
},
],
must: {
bool: {
should: [
{
nested: {
path: 'extend',
query: {
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
fields: ['extend.v'],
},
},
},
},
{
nested: {
path: 'account_data',
query: {
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
fields: [
'account_data.password',
'account_data.nickName',
'account_data.accountType',
'account_data.account',
'account_data.desc',
],
},
},
},
},
{
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
},
},
],
},
},
},
},
highlight: {
order: 'score',
fragment_size: '80',
number_of_fragments: 1,
pre_tags: ['<mark class="highlight_color">'],
post_tags: ['</mark>'],
fields: {
'*': {},
},
},
}
Good times don't last long, unhappy, terrible things happen again. The above condition query can only query the contents of nested, and report an error. The contents of nested field can be retrieved, but the contents of another index table can't be retrieved, and report an error. The error is as follows.
{
"took": 71,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 5,
"skipped": 0,
"failed": 5,
"failures": [
{
"shard": 0,
"index": "suspect_table",
"node": "Ms5RKmmORAS69eT-QTvFcQ",
"reason": {
"type": "query_shard_exception",
"reason": "failed to create query: {\n \"bool\" : {\n \"must\" : [\n {\n \"bool\" : {\n \"should\" : [\n {\n \"nested\" : {\n \"query\" : {\n \"query_string\" : {\n \"query\" : \"'exe'\",\n \"fields\" : [\n \"extend.v^1.0\"\n ],\n \"type\" : \"best_fields\",\n \"default_operator\" : \"or\",\n \"max_determinized_states\" : 10000,\n \"allow_leading_wildcard\" : true,\n \"enable_position_increments\" : true,\n \"fuzziness\" : \"AUTO\",\n \"fuzzy_prefix_length\" : 0,\n \"fuzzy_max_expansions\" : 50,\n \"phrase_slop\" : 0,\n \"analyze_wildcard\" : true,\n \"escape\" : false,\n \"auto_generate_synonyms_phrase_query\" : true,\n \"fuzzy_transpositions\" : true,\n \"boost\" : 1.0\n }\n },\n \"path\" : \"extend\",\n \"ignore_unmapped\" : false,\n \"score_mode\" : \"avg\",\n \"boost\" : 1.0\n }\n },\n {\n \"nested\" : {\n \"query\" : {\n \"query_string\" : {\n \"query\" : \"'exe'\",\n \"fields\" : [\n \"account_data.account^1.0\",\n \"account_data.accountType^1.0\",\n \"account_data.desc^1.0\",\n \"account_data.nickName^1.0\",\n \"account_data.password^1.0\"\n ],\n \"type\" : \"best_fields\",\n \"default_operator\" : \"or\",\n \"max_determinized_states\" : 10000,\n \"allow_leading_wildcard\" : true,\n \"enable_position_increments\" : true,\n \"fuzziness\" : \"AUTO\",\n \"fuzzy_prefix_length\" : 0,\n \"fuzzy_max_expansions\" : 50,\n \"phrase_slop\" : 0,\n \"analyze_wildcard\" : true,\n \"escape\" : false,\n \"auto_generate_synonyms_phrase_query\" : true,\n \"fuzzy_transpositions\" : true,\n \"boost\" : 1.0\n }\n },\n \"path\" : \"account_data\",\n \"ignore_unmapped\" : false,\n \"score_mode\" : \"avg\",\n \"boost\" : 1.0\n }\n },\n {\n \"query_string\" : {\n \"query\" : \"'exe'\",\n \"fields\" : [ ],\n \"type\" : \"best_fields\",\n \"default_operator\" : \"or\",\n \"max_determinized_states\" : 10000,\n \"allow_leading_wildcard\" : true,\n \"enable_position_increments\" : true,\n \"fuzziness\" : \"AUTO\",\n \"fuzzy_prefix_length\" : 0,\n \"fuzzy_max_expansions\" : 50,\n \"phrase_slop\" : 0,\n \"analyze_wildcard\" : true,\n \"escape\" : false,\n \"auto_generate_synonyms_phrase_query\" : true,\n \"fuzzy_transpositions\" : true,\n \"boost\" : 1.0\n }\n }\n ],\n \"adjust_pure_negative\" : true,\n \"boost\" : 1.0\n }\n }\n ],\n \"must_not\" : [\n {\n \"term\" : {\n \"available\" : {\n \"value\" : false,\n \"boost\" : 1.0\n }\n }\n }\n ],\n \"adjust_pure_negative\" : true,\n \"boost\" : 1.0\n }\n}",
"index_uuid": "40pL0rfHTI-Dxa8VYqAj9g",
"index": "suspect_table",
"caused_by": {
"type": "illegal_state_exception",
"reason": "[nested] failed to find nested object under path [extend]"
}
}
}
]
},
"hits": {
"total": {
"value": 0,
"relation": "eq"
},
"max_score": null,
"hits":
}
}
Expectation: I hope to use query_string to retrieve all fields in full text, and find the contents of nested and multiple tables.
First, I use query string to query:
{
query: {
bool: {
must_not: [
{
term: { available: false },
},
],
must: {
bool: {
should: [
{
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
},
},
],
},
},
},
},
highlight: {
order: 'score',
fragment_size: '80',
number_of_fragments: 1,
pre_tags: ['<mark class="highlight_color">'],
post_tags: ['</mark>'],
fields: {
'*': {},
},
},
};
Good times are not long. If you encounter the content in the nested field, you will not be able to retrieve the content. But I am very happy that the contents of both index tables can be retrieved.
In order to solve the problem that the query string of full-text retrieval can retrieve nested, I looked up a lot of content and finally achieved what I wanted. Later, I changed the condition query。
{
query: {
bool: {
must_not: [
{
term: { available: false },
},
],
must: {
bool: {
should: [
{
nested: {
path: 'extend',
query: {
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
fields: ['extend.v'],
},
},
},
},
{
nested: {
path: 'account_data',
query: {
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
fields: [
'account_data.password',
'account_data.nickName',
'account_data.accountType',
'account_data.account',
'account_data.desc',
],
},
},
},
},
{
query_string: {
fuzzy_transpositions: true,
analyze_wildcard: true,
query: queryString,
allow_leading_wildcard: true,
default_operator: 'OR',
},
},
],
},
},
},
},
highlight: {
order: 'score',
fragment_size: '80',
number_of_fragments: 1,
pre_tags: ['<mark class="highlight_color">'],
post_tags: ['</mark>'],
fields: {
'*': {},
},
},
}
Good times don't last long, unhappy, terrible things happen again. The above condition query can only query the contents of nested, and report an error. The contents of nested field can be retrieved, but the contents of another index table can't be retrieved, and report an error. The error is as follows.
{
"took": 71,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 5,
"skipped": 0,
"failed": 5,
"failures": [
{
"shard": 0,
"index": "suspect_table",
"node": "Ms5RKmmORAS69eT-QTvFcQ",
"reason": {
"type": "query_shard_exception",
"reason": "failed to create query: {\n \"bool\" : {\n \"must\" : [\n {\n \"bool\" : {\n \"should\" : [\n {\n \"nested\" : {\n \"query\" : {\n \"query_string\" : {\n \"query\" : \"'exe'\",\n \"fields\" : [\n \"extend.v^1.0\"\n ],\n \"type\" : \"best_fields\",\n \"default_operator\" : \"or\",\n \"max_determinized_states\" : 10000,\n \"allow_leading_wildcard\" : true,\n \"enable_position_increments\" : true,\n \"fuzziness\" : \"AUTO\",\n \"fuzzy_prefix_length\" : 0,\n \"fuzzy_max_expansions\" : 50,\n \"phrase_slop\" : 0,\n \"analyze_wildcard\" : true,\n \"escape\" : false,\n \"auto_generate_synonyms_phrase_query\" : true,\n \"fuzzy_transpositions\" : true,\n \"boost\" : 1.0\n }\n },\n \"path\" : \"extend\",\n \"ignore_unmapped\" : false,\n \"score_mode\" : \"avg\",\n \"boost\" : 1.0\n }\n },\n {\n \"nested\" : {\n \"query\" : {\n \"query_string\" : {\n \"query\" : \"'exe'\",\n \"fields\" : [\n \"account_data.account^1.0\",\n \"account_data.accountType^1.0\",\n \"account_data.desc^1.0\",\n \"account_data.nickName^1.0\",\n \"account_data.password^1.0\"\n ],\n \"type\" : \"best_fields\",\n \"default_operator\" : \"or\",\n \"max_determinized_states\" : 10000,\n \"allow_leading_wildcard\" : true,\n \"enable_position_increments\" : true,\n \"fuzziness\" : \"AUTO\",\n \"fuzzy_prefix_length\" : 0,\n \"fuzzy_max_expansions\" : 50,\n \"phrase_slop\" : 0,\n \"analyze_wildcard\" : true,\n \"escape\" : false,\n \"auto_generate_synonyms_phrase_query\" : true,\n \"fuzzy_transpositions\" : true,\n \"boost\" : 1.0\n }\n },\n \"path\" : \"account_data\",\n \"ignore_unmapped\" : false,\n \"score_mode\" : \"avg\",\n \"boost\" : 1.0\n }\n },\n {\n \"query_string\" : {\n \"query\" : \"'exe'\",\n \"fields\" : [ ],\n \"type\" : \"best_fields\",\n \"default_operator\" : \"or\",\n \"max_determinized_states\" : 10000,\n \"allow_leading_wildcard\" : true,\n \"enable_position_increments\" : true,\n \"fuzziness\" : \"AUTO\",\n \"fuzzy_prefix_length\" : 0,\n \"fuzzy_max_expansions\" : 50,\n \"phrase_slop\" : 0,\n \"analyze_wildcard\" : true,\n \"escape\" : false,\n \"auto_generate_synonyms_phrase_query\" : true,\n \"fuzzy_transpositions\" : true,\n \"boost\" : 1.0\n }\n }\n ],\n \"adjust_pure_negative\" : true,\n \"boost\" : 1.0\n }\n }\n ],\n \"must_not\" : [\n {\n \"term\" : {\n \"available\" : {\n \"value\" : false,\n \"boost\" : 1.0\n }\n }\n }\n ],\n \"adjust_pure_negative\" : true,\n \"boost\" : 1.0\n }\n}",
"index_uuid": "40pL0rfHTI-Dxa8VYqAj9g",
"index": "suspect_table",
"caused_by": {
"type": "illegal_state_exception",
"reason": "[nested] failed to find nested object under path [extend]"
}
}
}
]
},
"hits": {
"total": {
"value": 0,
"relation": "eq"
},
"max_score": null,
"hits":
}
}
Expectation: I hope to use query_string to retrieve all fields in full text, and find the contents of nested and multiple tables.
0 个回复