Shokouh Dareshiri

Reputation: 956

Search on multi index in elasticsearch

I want to search objects in Elasticsearch which are a combination of two indexes. Is there a way to search on two indexes with a specific condition on them?

For example: I have an index `siem-referencedata-list` with lists' metadata. Each document has a subset index based on its id (`siem-referencedata-list-documentsId`).

How could I set a query that checks `siem-referencedata-list` and its subsets?

I have the query below for `siem-referencedata-list`:

POST siem-referencedata-list/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "should": [
              {
                "query_string": {
                  "default_field": "list.name",
                  "query": "*list1*",
                  "default_operator": "OR"
                }
              }
            ]
          }
        },
        {
          "bool": {
            "should": [
              {
                "query_string": {
                  "default_field": "list.type",
                  "query": "*Keyword*",
                  "default_operator": "OR"
                }
              }
            ]
          }
        }
      ]
    }
  }
}

I also have the query below for the indexes based on the above documents' ids (`siem-referencedata-list-*`):

POST siem-referencedata-list-*/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "should": [
              {
                "query_string": {
                  "query": "*30.3.30.3*"
                }
              }
            ]
          }
        }
      ]
    }
  }
}

How can I set a query to combine them? Search items in `siem-referencedata-list` and also in `siem-referencedata-list-*`, and return the items that are in both results.

I set two different queries and get two different arrays. How can I get the intersection of these two arrays?

Upvotes: 0

Views: 229

Answers (2)

Shokouh Dareshiri

Reputation: 956

I added the specific word `column-` into the documents of the indexes "siem-referencedata-list-*", and I separated the query function of "siem-referencedata-list" and its subsets.

POST siem-referencedata-list/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "bool": {
            "should": [
              {
                "query_string": {
                  "query": "*list1*",
                  "fields": ["column-*"]
                }
              }
            ]
          }
        }
      ]
    }
  }
}

Upvotes: 0

Balaji Arun

Reputation: 75

This is a workaround: add a property to the documents in this specific index "siem-referencedata-list" while indexing, and use that property to query the documents.

Upvotes: 1
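Added example, not part of the question or of either answer above: one way to intersect the two result arrays on the client, using the question's naming scheme (subset index = `siem-referencedata-list-` plus the metadata document's `_id`). The function names, ids and sample responses are constructed for illustration.

```python
# Added example. Sample responses are constructed, not real cluster output.
PREFIX = "siem-referencedata-list-"  # subset index = PREFIX + metadata _id (per the question)

def subset_indices_for(meta_resp):
    """Index names to target with query 2, so it only sees lists matched by query 1."""
    return ",".join(PREFIX + hit["_id"] for hit in meta_resp["hits"]["hits"])

def intersect_lists(meta_resp, subset_resp):
    """Metadata hits whose own subset index also produced at least one hit."""
    entries = {}
    for hit in subset_resp["hits"]["hits"]:
        if hit["_index"].startswith(PREFIX):  # skip anything that is not a subset index
            entries.setdefault(hit["_index"][len(PREFIX):], []).append(hit["_source"])
    return [
        {"list_id": h["_id"], "list": h["_source"]["list"], "entries": entries[h["_id"]]}
        for h in meta_resp["hits"]["hits"]
        if h["_id"] in entries
    ]

# Constructed response to the first query (POST siem-referencedata-list/_search)
META_RESP = {"hits": {"hits": [
    {"_index": "siem-referencedata-list", "_id": "a1",
     "_source": {"list": {"name": "list1-ips", "type": "Keyword"}}},
    {"_index": "siem-referencedata-list", "_id": "b2",
     "_source": {"list": {"name": "list1-hosts", "type": "Keyword"}}},
]}}
# Constructed response to the second query (POST siem-referencedata-list-*/_search)
SUBSET_RESP = {"hits": {"hits": [
    {"_index": "siem-referencedata-list-a1", "_id": "1", "_source": {"column-1": "30.3.30.3"}},
    {"_index": "siem-referencedata-list-a1", "_id": "2", "_source": {"column-2": "30.3.30.3"}},
    {"_index": "siem-referencedata-list-c3", "_id": "1", "_source": {"column-1": "30.3.30.3"}},
]}}

if __name__ == "__main__":
    print(subset_indices_for(META_RESP))
    for row in intersect_lists(META_RESP, SUBSET_RESP):
        print(row["list_id"], row["list"]["name"], len(row["entries"]))
```

Both searches return only the first 10 hits unless `size` is set, so raise it or page through the results before intersecting; otherwise matching lists are silently missing from the result.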
