Let's clear up that confusion right now. Seeing the actual query structure makes a world of difference.
To make this completely clear, let's pretend we have an index called store_products. Before we search, let's look at the type of data we are working with. Imagine our index has documents that look like this:
json
{
"name": "Wireless Noise-Canceling Headphones",
"brand": "Sony",
"category": "Electronics",
"price": 199.99,
"in_stock": true,
"tags": ["audio", "wireless", "gadget"]
}Now, let's look at three detailed, real-world search examples, ranging from simple to advanced.
Example 1: The "Bool" Query (Combining Queries and Filters)
In the real world, you rarely just search for a keyword. Usually, a user types a word, and then clicks some checkboxes to filter the results. In Elasticsearch, we do this using a bool (Boolean) query.
Inside a bool query, we use two main clauses:
must: The results must match this text search (calculates a relevance score).filter: The results must match this exact criteria (fast, cached, does not affect the score).
The Scenario
A user searches your store for the word "wireless" , but they only want items in the "Electronics" category that cost under $250.
The Actual Search Query
json
GET /store_products/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"name": "wireless"
}
}
],
"filter": [
{
"term": {
"category.keyword": "Electronics"
}
},
{
"range": {
"price": {
"lt": 250.00
}
}
}
]
}
}
}💡 Crucial Detail: What is .keyword?
Notice that for the category filter, I wrote "category.keyword" instead of just "category".
category(Text field) is broken down into lowercase tokens for searching (e.g., "electronics").category.keyword(Keyword field) treats the entire string as one exact unit ("Electronics"). When doing exact filters, always use the.keywordversion of a text field.
Example 2: Aggregations (Getting Analytics Data)
Aggregations don't just find documents; they calculate data about your documents. Think of it like a GROUP BY and AVG() in SQL.
The Scenario
You want to build a dashboard sidebar. You need Elasticsearch to look at all your products and tell you:
- How many products are in each
category? (Bucket Aggregation) - What is the
average_priceof the products in each of those categories? (Metric Aggregation)
The Actual Search Query
json
GET /store_products/_search
{
"size": 0,
"aggs": {
"group_by_category": {
"terms": {
"field": "category.keyword"
},
"aggs": {
"average_price": {
"avg": {
"field": "price"
}
}
}
}
}
}💡 Crucial Detail: Why "size": 0?
By default, a search returns the top 10 matching documents plus the aggregation data. By setting "size": 0, we tell Elasticsearch: "I don't want to see individual products. I only want the analytical totals." This makes the query incredibly fast.
Example 3: Putting It All Together (Search, Filter, and Aggregate)
This is the ultimate intermediate query. You can combine everything we just learned into a single request.
The Scenario
A user searches for the word "gadget" . You want to show them the matching items that are in stock , but you also want to show them a breakdown of which brands make those gadgets and how much they cost on average.
The Actual Search Query
json
GET /store_products/_search
{
"size": 5,
"query": {
"bool": {
"must": [
{ "match": { "tags": "gadget" } }
],
"filter": [
{ "term": { "in_stock": true } }
]
}
},
"aggs": {
"brands_breakdown": {
"terms": {
"field": "brand.keyword"
},
"aggs": {
"avg_brand_price": {
"avg": { "field": "price" }
}
}
}
}
}What Elasticsearch will return:
- The top 5 documents (
"size": 5) that have the tag "gadget" and are currently in stock, ranked by how relevant they are to the search. - An aggregation block that only looks at those specific matching gadgets, groups them by brand, and calculates the average price per brand.
If you paste these templates into Elasticvue or Kibana, you can easily change the field names to match your own data!