Elasticsearch Start searching

Red丶哞2025-03-25 11:04

Once you have ingested some data into an Elasticsearch index, you can search it by sending requests to the _search endpoint. To access the full suite of search capabilities, you use the Elasticsearch Query DSL to specify the search criteria in the request body. You specify the name of the index you want to search in the request URI.

For example, the following request retrieves all documents in the bank index sorted by account number:

复制代码 
GET /bank/_search
{
  "query": { "match_all": {} },
  "sort": [
    { "account_number": "asc" }
  ]
}

By default, the hits section of the response includes the first 10 documents that match the search criteria:

复制代码 
{
  "took" : 63,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
        "value": 1000,
        "relation": "eq"
    },
    "max_score" : null,
    "hits" : [ {
      "_index" : "bank",
      "_type" : "_doc",
      "_id" : "0",
      "sort": [0],
      "_score" : null,
      "_source" : {"account_number":0,"balance":16623,"firstname":"Bradshaw","lastname":"Mckenzie","age":29,"gender":"F","address":"244 Columbus Place","employer":"Euron","email":"bradshawmckenzie@euron.com","city":"Hobucken","state":"CO"}
    }, {
      "_index" : "bank",
      "_type" : "_doc",
      "_id" : "1",
      "sort": [1],
      "_score" : null,
      "_source" : {"account_number":1,"balance":39225,"firstname":"Amber","lastname":"Duke","age":32,"gender":"M","address":"880 Holmes Lane","employer":"Pyrami","email":"amberduke@pyrami.com","city":"Brogan","state":"IL"}
    }, ...
    ]
  }
}

The response also provides the following information about the search request:

  • took -- how long it took Elasticsearch to run the query, in milliseconds
  • timed_out -- whether or not the search request timed out
  • _shards -- how many shards were searched and a breakdown of how many shards succeeded, failed, or were skipped.
  • max_score -- the score of the most relevant document found
  • hits.total.value - how many matching documents were found
  • hits.sort - the document's sort position (when not sorting by relevance score)
  • hits._score - the document's relevance score (not applicable when using match_all)

Each search request is self-contained: Elasticsearch does not maintain any state information across requests. To page through the search hits, specify the from and size parameters in your request.

For example, the following request gets hits 10 through 19:

复制代码 
GET /bank/_search
{
  "query": { "match_all": {} },
  "sort": [
    { "account_number": "asc" }
  ],
  "from": 10,
  "size": 10
}

Now that you've seen how to submit a basic search request, you can start to construct queries that are a bit more interesting than match_all.

To search for specific terms within a field, you can use a match query. For example, the following request searches the address field to find customers whose addresses contain mill or lane:

复制代码 
GET /bank/_search
{
  "query": { "match": { "address": "mill lane" } }
}

To perform a phrase search rather than matching individual terms, you use match_phrase instead of match. For example, the following request only matches addresses that contain the phrase mill lane:

复制代码 
GET /bank/_search
{
  "query": { "match_phrase": { "address": "mill lane" } }
}

To construct more complex queries, you can use a bool query to combine multiple query criteria. You can designate criteria as required (must match), desirable (should match), or undesirable (must not match).

For example, the following request searches the bank index for accounts that belong to customers who are 40 years old, but excludes anyone who lives in Idaho (ID):

复制代码 
GET /bank/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "age": "40" } }
      ],
      "must_not": [
        { "match": { "state": "ID" } }
      ]
    }
  }
}

Each must, should, and must_not element in a Boolean query is referred to as a query clause. How well a document meets the criteria in each must or should clause contributes to the document's relevance score. The higher the score, the better the document matches your search criteria. By default, Elasticsearch returns documents ranked by these relevance scores.

The criteria in a must_not clause is treated as a filter. It affects whether or not the document is included in the results, but does not contribute to how documents are scored. You can also explicitly specify arbitrary filters to include or exclude documents based on structured data.

For example, the following request uses a range filter to limit the results to accounts with a balance between 20,000 and 30,000 (inclusive).

复制代码 
GET /bank/_search
{
  "query": {
    "bool": {
      "must": { "match_all": {} },
      "filter": {
        "range": {
          "balance": {
            "gte": 20000,
            "lte": 30000
          }
        }
      }
    }
  }
}
相关推荐
Hello.Reader1 分钟前
Flink 内置 Watermark 生成器单调递增与有界乱序怎么选?
大数据·flink
工作中的程序员2 分钟前
flink UTDF函数
大数据·flink
工作中的程序员8 分钟前
flink keyby使用与总结 基础片段梳理
大数据·flink
Hy行者勇哥34 分钟前
数据中台的数据源与数据处理流程
大数据·前端·人工智能·学习·个人开发
00后程序员张1 小时前
RabbitMQ核心机制
java·大数据·分布式
AutoMQ1 小时前
10.17 上海 Google Meetup:从数据出发,解锁 AI 助力增长的新边界
大数据·人工智能
武子康1 小时前
大数据-119 - Flink Flink 窗口(Window)全解析:Tumbling、Sliding、Session 应用场景 使用详解 最佳实践
大数据·后端·flink
Elasticsearch1 小时前
在 Elastic Cloud on Kubernetes 部署中的多租户示例架构
elasticsearch
阿水实证通2 小时前
能源经济大赛选题推荐:新能源汽车试点城市政策对能源消耗的负面影响——基于技术替代效应的视角
大数据·人工智能·汽车
热门推荐
01两千字总结:Codex 国内如何安装和使用的教程,以及如何设置中文回答02GitHub 镜像站点03KGG转MP3工具|非KGM文件|解密音频04UV安装并设置国内源05Linux下V2Ray安装配置指南06jdk21下载、安装(Windows、Linux、macOS)07BongoCat - 跨平台键盘猫动画工具08PHP htmlspecialchars()函数详解0946个Nano-banana 精选提示词,持续更新中10Claude Code & 智谱GLM-4.5 环境配置指南 (Windows/macOS/Ubuntu)