2
votes

I'm trying to have multiple wildcard queries match in my Elasticsearch query in Kibana. I can't quite figure it out.

Basically I want any document with an attribute type="erreur"

and I want to exclude all documents that match the strings "An established*" or "java.lang.*" on the field descr_courte

{
  "query": {
    "bool": {
      "must": {
        "term": {
          "type": "erreur"
        }
      },
      "must_not": {
        "wildcard": {
          "descr_courte": ["An established*", "java.lang.*"]
        }
      }
    }
  }
}

If I put a single wildcard query, it works fine:

{
 "query": {
    "bool": {
      "must": {
        "term": {
          "type": "erreur"
        }
      },
      "must_not": {
        "wildcard": {
          "descr_courte": 
            "An established*"
        }
      }
    }
  }
}   

The error I get:

Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"illegal_state_exception","reason":"Can't get text on a START_ARRAY at 1:454"}],"type":"search_phase_execution_exception","reason":"all shards

Any idea?

2
So, what's not working? - Mysterion
Have you tried that query? Have you tested it on your application? - I.G. Pascual
What version are you using? - raam86

2 Answers

4
votes

Try putting them in separate clauses.

{
  "query": {
    "bool": {
      "must": {
        "term": {
          "type": "erreur"
        }
      },
      "must_not": [
        {
          "wildcard": {
            "descr_courte": "An established*"
          }
        },
        {
          "wildcard": {
            "descr_courte": "java.lang.*"
          }
        }
      ]
    }
  }
}

1
votes

My guess is that you can't make an array for wildcard query like ["An established*", "java.lang.*"], so you need to:

{
  "query": {
    "bool": {
      "must": {
        "term": {
          "type": "erreur"
        }
      },
      "must_not": {
        "regexp": {
          "descr_courte": "(An established|java\\.lang\\.).*"
        }
      }
    }
  }
}

More info about regexp query in https://www.elastic.co/guide/en/elasticsearch/reference/5.1/query-dsl-regexp-query.html

Another option is to combine your query terms with the logical operators NOT, AND and OR in the query string:

{
 "query": {
    "query_string" : {
        "query" : "type:erreur AND NOT(descr_courte:An established* OR descr_courte:java.lang.*)"
    }
  }
}

See more info at https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_wildcards
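
The following is an added example, not part of the question or either answer. It builds the separate-clause form for any list of patterns, flags the array-valued wildcard shape behind the START_ARRAY error, and checks the exclusion logic locally. The function names are hypothetical, the documents are constructed, and the local matcher assumes descr_courte is indexed as a single not-analyzed keyword term.

```python
import re

def build_query(doc_type, excluded_patterns):
    """must_not gets one wildcard clause per pattern; each clause holds a single string."""
    return {"query": {"bool": {
        "must": {"term": {"type": doc_type}},
        "must_not": [{"wildcard": {"descr_courte": p}} for p in excluded_patterns],
    }}}

def array_valued_wildcards(node, path="$"):
    """Paths of wildcard clauses whose value is a list (the shape behind START_ARRAY)."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "wildcard" and isinstance(value, dict):
                hits += [f"{path}.wildcard.{f}" for f, v in value.items() if isinstance(v, list)]
            hits += array_valued_wildcards(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += array_valued_wildcards(item, f"{path}[{i}]")
    return hits

def _clause_hits(doc, clause):
    (kind, body), = clause.items()
    (field, value), = body.items()
    if kind == "term":
        return doc.get(field) == value
    # Wildcard syntax: * is any run of characters, ? is one; everything else is literal.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in value)
    return re.fullmatch(regex, doc.get(field, ""), re.S) is not None

def matches(doc, query):
    """Local approximation: every must clause hits and no must_not clause hits."""
    b = query["query"]["bool"]
    as_list = lambda c: c if isinstance(c, list) else [c]
    return (all(_clause_hits(doc, c) for c in as_list(b.get("must", [])))
            and not any(_clause_hits(doc, c) for c in as_list(b.get("must_not", []))))

# Constructed sample documents, not data from the question.
DOCS = [
    {"type": "erreur", "descr_courte": "An established connection was aborted"},
    {"type": "erreur", "descr_courte": "java.lang.NullPointerException"},
    {"type": "erreur", "descr_courte": "Disk quota exceeded"},
    {"type": "info", "descr_courte": "Disk quota exceeded"},
]
QUERY = build_query("erreur", ["An established*", "java.lang.*"])

if __name__ == "__main__":
    print(QUERY, [d["descr_courte"] for d in DOCS if matches(d, QUERY)])
```

Running array_valued_wildcards over a request body before sending it catches the array form early. In a wildcard pattern the dots of "java.lang.*" are literal, unlike in the regexp variant, where they must be escaped.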