Query to see if a field contains a string using Query DSL

Asked 13/3, 2019 at 15:48 Answered 24/12, 2021 at 10:20

Solved elasticsearch elastic-stack elasticsearch-dsl

I am trying to filter Kibana for a field that contains the string "pH". The field is called extra.monitor_value_name. Examples of potential values are Temperature_ABC01, DO_ABC01, or pH_ABC01.

Kibana's Elasticsearch Query DSL does not seem to have a "contains string" so I need to custom make a query.

I am new to Query DSL, can you help me create the query?

Also, is it proper to call it Query DSL? I'm not even sure of proper wording.

Odontoid answered 13/3, 2019 at 15:48 Comment(1)

Please add mapping of index and sample document. – Dimer 14/3, 2019 at 3:31

Okay! Circling back with an answer to my own question.

My initial problem stemmed from not knowing about field_name vs field_name.keyword. Read here for info on keyword here: What's the difference between the 'field' and 'field.keyword' fields in Kibana?

Solution 1

Here's the query I ended up using. I used a regexp query. I found this article useful in figuring out syntax for the regexp:

{
  "query": {
    "regexp": {
      "extra.monitor_value_name.keyword": "pH.*"
    }
  }
}

Solution 2

Another way I could have filtered, without Query DSL was typing in a search field: extra.monitor_value_name.keyword:pH*. One interesting thing to note was the .keyword doesn't seem to be necessary with this method. I am not sure why.

Odontoid answered 16/3, 2019 at 1:39 Comment(2)

How to do a not contains "pH.*"? – Cryan 16/12, 2021 at 19:19

@MurtazaHaji. Try this: { "query": { "bool":{ "must_not": [{ "regexp": { "extra.monitor_value_name.keyword": "pH.*" }}]}}}. Make sure you get the square brackets where shown. – Illiquid 4/9, 2023 at 11:43

try this in filter using Elasticsearch Query DSL:

{
  "query": {
    "wildcard": {
      "extra.monitor_value_name": {
        "value": "pH.*"
      }
    }
  }
}

Murcia answered 24/12, 2021 at 10:20 Comment(0)

Recommended topics

Hot tags