elasticsearch logo

Elasticsearch mappings and search queries

Elasticsearch Mappings are type definitions for your fields. You can define data types to your fields and also allow/disable dynamic field mapping i.e identifying the type of field automatically.

Mappings

Each mapping just like an index can have multiple types and each type can have its own filed data type definition. Below is an example

PUT my_index 
{
  "mappings": {
    "user": { 
      "_all":       { "enabled": false  }, 
      "properties": { 
        "title":    { "type": "text"  }, 
        "name":     { "type": "text"  }, 
        "age":      { "type": "integer" }  
      }
    },
    "blogpost": { 
      "_all":       { "enabled": false  }, 
      "properties": { 
        "title":    { "type": "text"  }, 
        "body":     { "type": "text"  }, 
        "user_id":  {
          "type":   "keyword" 
        },
        "created":  {
          "type":   "date", 
          "format": "strict_date_optional_time||epoch_millis"
        }
      }
    }
  }
}


Once you specify mapping for a type, elastic will force you to insert data with specified data types.

Dynamic Mapping

If you don’t want to specify a mapping thats fine. Elastic has dynamic mapping enabled by default. If you want to disable dynamic mapping you have set the below setting

PUT my_index/_settings
{
  "index.mapper.dynamic":false 
}

Search Queries

Elasticsearch has a Query DSL which is like Abstract Syntax Tree queries. It has

  • Query and Filter queries
  • Match all query
  • Full text query
  • Term level queries
  • Compound queries
  • Joining queries
  • Geo queries
  • Span queries and more

We are not going through all these queries rather we pick an example and discuss it. Elasticsearch has good documention at Elastic Query DSL

Our example

POST my_index/musicians/_search
{
"sort":["@timestamp":{"order":"desc"}],
"_source":["@timestamp","name","address"],
"query":{
  "constant_score":{
	"filter":{
	  "bool":{
	    "must":[
		  {"term":{"country":"United States"}},
		  {"range":{
				"@timestamp":{
				  "gte":"2017-01-01T09:00:00Z",
				  "lte":"2017-03-27T09:00:00Z"
				  }
			}
		  },
		  {"bool":{
		    "should":[
			  {"wildcard":{"details":"*DJ*"}}
			]
		  }}
	    ]
	  }
	}
  }
},
"from":0,
"size":100
}

The above query retrieves recently performed 100 musicians who are DJ’s from United States performed between Jaunuary 1,2017 9:00 AM and March 27,2017 9:00AM.

The bold words in the query are elastic query keywords. Let us break down the query.

sort
The sort allow you to specify a filed that you need to sort on which is “@timestamp” in our case and order whether asc or desc.

_source
The _source allows you to provide an array of fields that should be returned in your final response.

query
You need to write your query that fetches your results inside this block.

constant_score
Returns a constant score equal to the query boost for every document in the filter.

filter
Filters out the results based on the conditions specified.

must
This is like an “AND” condition, all the conditions specified in the array should be true to get any output documents. You can also use “should” if you need an “OR” like behavior.

term
Term query is like exact match query. The field values should exactly match the value specified.

range
The range query facilitates to filter data between ranges. gte is specified for greater than equal and lte for less than equal. It can be a date range or a number range.

bool
A bool query is like “if” condition, but the bool query can contain multiple conditions either must or should which should all resolve to true to return any documents.

wildcard
The wildcard query matches patterns in text and returns the documents that matched the value. We want to get documents with details containing the word “DJ”.

from/size
Your query resulted in say 200 documents, out of which you want to get documents from 50 to 150. Then you specify from:50-1 and size:100.

Now you know how to write complex queries in elasticsearch, so writing simpler queries should be easy.