verisimilitude

Reputation: 5108

AND/OR nested queries with different paths in Elasticsearch

I have somewhat deeply nested objects in Elasticsearch. I'm trying to find an effective way of ANDing/ORing them using bool queries.

Below is my mapping:

sample:
  type: nested
  properties:
    vendor_detections:
      type: nested
      properties:
        vendor_name:
          type: string
        signature:
          type: nested
          properties:
            name:
              type: string

The query I am trying to write is: give me all samples for which the detection by a given vendor, say "microsoft", contains the string "Win32". Below is the query I tried:

GET /my_index/sample/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "nested": {
            "path": "vendor_detections",
            "query": {
              "match": {
                "vendor_detections.vendor_name": "microsoft"
              }
            }
          }
        },
        {
          "nested": {
            "path": "vendor_detections.signature",
            "query": {
              "wildcard": {
                "vendor_detections.signature.name": "Win32*"
              }
            }
          }
        }
      ]
    }
  }
}

A "sample" containing the document "vendor_detections":

{
  "md5sum": "",
  "vendor_detections": [{
      "vendor_name": "symantec",
      "service_name": "spw",
      "signature": {
          "name": "W32.Wapomi!inf",
          "threat": {
              "vulnerabilities": [],
              "threat_category": {
                  "name": "Unknown"
              },
              "targets": []
          }
      }
  }, {
      "vendor_name": "kaspersky",
      "service_name": "spw",
      "signature": {
          "name": "Virus.Win32.Qvod.f",
          "threat": {
              "vulnerabilities": [],
              "threat_category": {
                  "name": "Unknown"
              },
              "targets": []
          }
      }
  }, {
      "vendor_name": "bitdefender",
      "service_name": "spw",
      "signature": {
          "name": "Win32.Viking.AX",
          "threat": {
              "vulnerabilities": [],
              "threat_category": {
                  "name": "Unknown"
              },
              "targets": []
          }
      }
  }]
}

However, this is returning all samples in which the signature of any of the 4 vendors I use in my application contains the string "Win32". How do I resolve this?

Upvotes: 0

Views: 318

Answers (2)

Val

Reputation: 217554

According to the information in your question, i.e. the mapping and the sample document, there's no reason to declare signature as a nested object since you only have a single one per nested vendor_detections object.

Upvotes: 1

blackmamba

Reputation: 556

Try this, I haven't checked but it should work.

{
  "query": {
    "bool": {
      "must": [
        {
          "nested": {
            "path": "sample.vendor_detections",
            "query": {
              "bool": {
                "must": [
                  {
                    "match": {
                      "sample.vendor_detections.vendor_name": "microsoft"
                    }
                  },
                  {
                    "wildcard": {
                      "sample.vendor_detections.signature.name": "win32*"
                    }
                  }
                ]
              }
            }
          }
        }
      ]
    }
  }
}

Upvotes: 1
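As an added illustration that is not part of either answer, a small in-memory model of how the two query shapes scope their conditions: the question's two sibling nested clauses versus one nested clause with an inner bool. It does not talk to Elasticsearch; the document and its extra "microsoft" entry are constructed, the default path is an assumption, and the wildcard is approximated as a case-insensitive prefix match with no analyzer modelled.

```python
"""Model of how the two query shapes on this page scope their conditions.
No Elasticsearch call is made; an in-memory evaluator shows why two sibling
nested clauses match across different vendor_detections objects while one
nested clause with an inner bool does not. Assumption: the wildcard is
approximated as a case-insensitive prefix match, with no analyzer modelled."""

# Constructed sample modelled on the document in the question, plus a
# "microsoft" entry (constructed) whose signature does not start with Win32.
SAMPLE = {
    "md5sum": "constructed-example",
    "vendor_detections": [
        {"vendor_name": "symantec", "signature": {"name": "W32.Wapomi!inf"}},
        {"vendor_name": "kaspersky", "signature": {"name": "Virus.Win32.Qvod.f"}},
        {"vendor_name": "bitdefender", "signature": {"name": "Win32.Viking.AX"}},
        {"vendor_name": "microsoft", "signature": {"name": "Backdoor:MSIL/Generic"}},
    ],
}

def vendor_matches(det, vendor):
    return det["vendor_name"].lower() == vendor.lower()

def signature_matches(det, prefix):
    return det["signature"]["name"].lower().startswith(prefix.lower())

def matches_sibling_nested(doc, vendor, prefix):
    """The question's query: two nested clauses side by side in bool.must.
    Each clause is satisfied by any vendor_detections object on its own, so
    the vendor and the Win32 signature may come from different objects."""
    dets = doc["vendor_detections"]
    return (any(vendor_matches(d, vendor) for d in dets)
            and any(signature_matches(d, prefix) for d in dets))

def matches_single_nested(doc, vendor, prefix):
    """blackmamba's shape: one nested clause with both conditions in its
    inner bool.must, so a single object has to satisfy both."""
    return any(vendor_matches(d, vendor) and signature_matches(d, prefix)
               for d in doc["vendor_detections"])

def single_nested_query(vendor, prefix, path="vendor_detections"):
    """Builds the request body for the single-nested shape (the default path
    is an assumption; the answer above uses sample.vendor_detections)."""
    return {"query": {"bool": {"must": [{"nested": {
        "path": path,
        "query": {"bool": {"must": [
            {"match": {path + ".vendor_name": vendor}},
            {"wildcard": {path + ".signature.name": prefix + "*"}},
        ]}}}}]}}}
```

With the constructed document, the sibling-nested shape reports a match for "microsoft" + "Win32" because bitdefender supplies the Win32 signature, while the single-nested shape correctly reports none.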
