Elasticsearch – Term Level Queries

These are most commonly used to query structured data such as dates and numbers. We can use term level queries to query text fields too. But searching a description field (full-text search) is not something we should use term level queries for. That’s because term level queries find exact matches. Instead, we should use full-text queries.

Searching For Term

This query is searching all the fields who have the value true in is_active field

The above is one version, now writing the same query in a different way.

The above query will give the same output as the previous one. Now let’s see we can search for multiple terms using the terms query. This query shares the same characteristics as a term query only with the exception that this searches for multiple terms. Instead of providing a single value we provide an array of values. The document will match if it contains any of the given values within the field we specify. Since we are using a term level query we are looking for exact values.

Similar to specifying an array of terms we can specify an array of IDs for the documents that we want to fetch by using ids. This is useful if you wanna fetch a number of documents whose id’s you already know.

This only works if the ids are known to us.

Apart from matching specific values for fields, we can also match documents if a value within a range. Since we are dealing with products with our test data, we might want to find the documents that are almost out of stock. For this example, I will match the documents that have a value between 1 and 5. Here gte and lte are greater than and less than.

Apart from numbers, we can also use range queries with date fields. The specified date format is the default date format that elasticsearch uses.

But you can define your own format in the query, by adding a format key.

Let us see how to use data map in the context of the range query. We can also use it for other parts of the elastic search. The way we do it is to specify a date expression consisting of an Anker date, or starting point. This Anker date can be of two formats the keyword now, or date string from the above query. If we use a date string then we need to add two trailing pine symbols. This is just to indicate the end of Anker date to help elasticsearch out when passing the expressions.

We are subtracting one year and one day from the given date.

We can actually round off dates as well. For example, a query may supply date with a time value in which case we can round the time off to midnight by appending “/d”, note that in general values are rounded down, but in the context of range query the rounding depends on the parameters that the dates added for.
In the below example is shown how to round off by month, we simply added a forward slash followed by the capital M. The smaller “m” represents minute.

The rounding does not necessarily have to be placed at the end of expression, we can also place it at the beginning

In this case we are rounding by month before subtracting one year. And since we use gte operator the value has rounded down.

Now we are calculation dates relative to the time.

Next, let’s see how to match documents with at least one non-null value for a given field. So what is a non-null value! Unlike some other languages that have loose typing, the answer is pretty simple in regards to elasticsearch. A non-null value is simply any value that is not null. In PHP an empty string is equal to null unless you do a strict check. But this is not the case in elasticsearch i.e. a field containing an empty string would be matched with an existing query. But not an empty array, cause an array with no values does not satisfy the definition of an exist’s query, which is a field should have at least one non-null value.

The prefix query matches documents the container term within a given field that begins with a given prefix, that means the query is not limited to searching fields containing a single term, but will also it will match a document that has 10 words with in the field if any of the term begins with the specified prefix.

Elasticsearch supports a variety of dynamic queries, one of which is a wildcard query.
Apart from using wildcards, there is an another by which we can dynamically match terms with regular expressions and regex query

First, change the query type to regexp, we have a character class and matching any alphabetic characters in uppercase and lowercase, and require at least one character that’s what the plus symbol is for. Please note that elasticsearch uses Lucene regular expression engine, which is not curl compatible. This means some features are not supported, so we don’t have access to the full regular syntex. A few examples of what not supported \d for writing numeric values and anchors, anchors are dollar sign indicating the beginning or end of a line or string. Anchors are not useful anyway because we are searching through terms, the regular expression applied through the terms are within a field and not the whole value of the field. This is an important thing to remember when working with fields that contains multiple words, such as our name and description fields. This is the nature of term level queries.