Get sorted results after aggregation in Elasticsearch

I am getting an aggregated result for a nested object (the minimum price for each nested object).
All of my search results are sorted, and now I need the minimum value for each result.
Result:
The response from the aggregation is not sorted the way my search results are (min, some_field).
Question:
Is there any solution to sort the aggregation response in the same way I am sorting while getting the search results?
"aggs"
=>
[
"agg_maxper"=> [
"terms"=> [
"field"=> 'id',
'size' => 60
],
"aggs"=> [
"offers"=> [
"nested"=> [
"path"=> "offers"
],
"aggs"=> [
"max_sav_val"=> [
"max"=> [
"field"=> "offers.sav"
]
]
]
]
]
]
]
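One approach worth trying, not from the thread itself: an Elasticsearch terms aggregation can order its buckets by a metric sub-aggregation, and the order path may traverse a single-bucket (here: nested) aggregation using the > syntax. A minimal sketch against the aggregation above, reusing the question's names and assuming the mapping supports it:
"aggs" => [
    "agg_maxper" => [
        "terms" => [
            "field" => 'id',
            'size' => 60,
            // Sort buckets by the nested max sub-aggregation, highest first;
            // use "asc" to match an ascending search sort.
            "order" => [ "offers>max_sav_val" => "desc" ]
        ],
        "aggs" => [
            "offers" => [
                "nested" => [ "path" => "offers" ],
                "aggs" => [
                    "max_sav_val" => [
                        "max" => [ "field" => "offers.sav" ]
                    ]
                ]
            ]
        ]
    ]
]
Note that this sorts the aggregation buckets themselves; the search hits keep their own sort.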

Related

Elasticsearch 6.4.2: combine fuzziness search with exact search

A Laravel project, more specifically: searching for Laravel Nova.
I have a search rule model in ES for finding a specific model's records. It has the following rules:
namespace App\Elastic\Rules;

use ScoutElastic\SearchRule;

class BusinessSearch extends SearchRule
{
    /**
     * @inheritdoc
     */
    public function buildHighlightPayload()
    {
        return [
            'fields' => [
                'name' => [
                    'type' => 'plain'
                ]
            ]
        ];
    }

    /**
     * @inheritdoc
     */
    public function buildQueryPayload()
    {
        $query = $this->builder->query;

        return [
            'should' => [
                [
                    'multi_match' => [
                        'query' => $query,
                        'fuzziness' => 5
                    ]
                ],
                [
                    'nested' => [
                        'path' => 'categories',
                        'query' => [
                            'bool' => [
                                'must' => [
                                    'match' => [
                                        'categories.name' => $query
                                    ]
                                ]
                            ]
                        ]
                    ]
                ]
            ]
        ];
    }
}
I need to somehow add the following functionality: when the user types a value in quotes, it must perform an exact search; otherwise, a fuzzy search as it does now. Any ideas about implementing that? Thanks.
Instead of deciding which query to execute based on the user's input, I have created the generic query below, which I believe should satisfy your requirements.
POST testindex/_search
{
    "query": {
        "bool": {
            "should": [
                {
                    "bool": {
                        "must": {
                            "multi_match": {
                                "query": "something",
                                "fields": [ "field_1", "field_2" ]
                            }
                        }
                    }
                },
                {
                    "bool": {
                        "must": {
                            "multi_match": {
                                "query": "something",
                                "fields": [ "field_1", "field_2" ],
                                "fuzziness": 5
                            }
                        }
                    }
                }
            ]
        }
    }
}
For simplicity, the above query would be something like the below:
bool:
  should:
    bool:
      - must [ exact query ]
    bool:
      - must [ fuzzy query ]
Both queries are executed for every input; if the exact query doesn't give you results, the fuzzy query will still return them.
If the exact query does return results, the fuzzy query may match as well, but the documents hit by the exact query end up with a higher relevancy (_score) and therefore show up at the top of the search results.
Let me know if that helps!
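For the quote-detection idea from the question itself, buildQueryPayload could also branch on whether the input is wrapped in double quotes; a rough sketch (the phrase-type multi_match for the exact branch is my assumption, untested against this index):
public function buildQueryPayload()
{
    $query = trim($this->builder->query);

    // Treat input wrapped in double quotes as a request for an exact search.
    $isQuoted = strlen($query) > 1
        && $query[0] === '"'
        && substr($query, -1) === '"';

    if ($isQuoted) {
        // Strip the surrounding quotes and match the phrase verbatim.
        return [
            'must' => [
                'multi_match' => [
                    'query' => substr($query, 1, -1),
                    'type' => 'phrase'
                ]
            ]
        ];
    }

    // Otherwise keep the fuzzy behaviour from the original rule.
    return [
        'should' => [
            [
                'multi_match' => [
                    'query' => $query,
                    'fuzziness' => 5
                ]
            ]
        ]
    ];
}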

Elasticsearch: how to make sure that fuzziness doesn't affect the score

I am using multi_match with fuzziness set to AUTO. Fuzziness is changing the score, so when I search for "Tourette" it returns results with the word "Roulette" first and then "Tourette":
"query" => [
"bool" => [
"should" => [
[
"multi_match" => [
"query" => "Tourette",
"fields" => ["synopsis", "details"],
"fuzziness" => "AUTO"
]
]
]
]
]
Please let me know what can be done to make the results containing the word "Tourette" appear first. Thanks.
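No answer is recorded here, but one common remedy, offered as a sketch rather than a verified fix: keep the fuzzy clause for recall and add a second, non-fuzzy should clause with a boost, so documents that match "Tourette" exactly accumulate a higher _score than fuzzy-only matches like "Roulette":
"query" => [
    "bool" => [
        "should" => [
            [
                // Exact clause: only true matches hit this, and the boost
                // pushes them above fuzzy-only matches.
                "multi_match" => [
                    "query" => "Tourette",
                    "fields" => ["synopsis", "details"],
                    "boost" => 2
                ]
            ],
            [
                // Fuzzy clause keeps near-misses in the result set.
                "multi_match" => [
                    "query" => "Tourette",
                    "fields" => ["synopsis", "details"],
                    "fuzziness" => "AUTO"
                ]
            ]
        ]
    ]
]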

Phalcon mongodb aggregate

I am trying to run an aggregation through the Phalcon ODM; it returns an empty result, but the same query works fine in the mongodb console:
use MongoDB\BSON\ObjectID;

$data = Transaction::aggregate(
    [
        [
            "\$match" => [
                "shift_id" => new ObjectID('593d0ed750692f04ca6f2e44')
            ],
        ],
        [
            "\$group" => [
                "_id" => [
                    "payment_method" => "\$paymentMethod"
                ],
                "total" => [
                    "\$sum" => "\$transactionAmount",
                ]
            ],
        ],
    ]
);
Whenever I access the total property, it shows the following error:
"PHP message: PHP Notice: Undefined property: MongoDB\Driver\Cursor::$total"
Thank you.
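The notice itself hints at the cause: aggregate() here returns a MongoDB\Driver\Cursor rather than the result documents, so total must be read from the iterated documents. A sketch, assuming the driver's default type map (documents deserialize to stdClass):
// Materialize the cursor before reading fields off the documents.
$results = $data->toArray();

foreach ($results as $doc) {
    // Each document carries the _id and total produced by the $group stage.
    $method = $doc->_id->payment_method;
    $total  = $doc->total;
    echo "{$method}: {$total}\n";
}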

Grok pattern to parse logs using logstash

I have been trying to parse a sample log file using the logstash grok filter, but I was unable to output the distinct fields.
My sample logs look like the following:
INFO [2016-05-26 11:54:57,741] [main]: org.eclipse.jetty.util.log:?:?- Logging initialized #5776ms
What I want to separate out is INFO, the timestamp, [main], and the message in two parts split at ?:?.
The pattern I have tried in the grok filter is:
match => { "message" => "%{WORD:severity} %{CISCOTIMESTAMP:timestamp} %{NOTSPACE} %{GREEDYDATA:logmsg}" }
but it does not output the fields correctly.
Can someone please provide the correct grok pattern match? Any related help would be useful!
As it is not clear exactly what format you want to get, I provide the following filter:
match => { "message" => "%{LOGLEVEL:severity} *\[%{TIMESTAMP_ISO8601:timestamp}\] *\[%{WORD:tread}\]\: *%{NOTSPACE:file} *%{GREEDYDATA:msg}" }
This will effectively split your example into:
{
  "severity": [["INFO"]],
  "timestamp": [["2016-05-26 11:54:57,741"]],
  "YEAR": [["2016"]],
  "MONTHNUM": [["05"]],
  "MONTHDAY": [["26"]],
  "HOUR": [["11", null]],
  "MINUTE": [["54", null]],
  "SECOND": [["57,741"]],
  "ISO8601_TIMEZONE": [[null]],
  "tread": [["main"]],
  "file": [["org.eclipse.jetty.util.log:?:?-"]],
  "msg": [["Logging initialized #5776ms"]]
}
This doesn't gracefully parse the :?:?- part, so adjust it if needed.
Take a look at Grokdebug, which is great for on-the-fly filter testing.
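For instance, if the logger:file:line triplet should be split into separate fields instead of being captured as one token, a variant along these lines might work (field names are illustrative and this is untested):
match => { "message" => "%{LOGLEVEL:severity} *\[%{TIMESTAMP_ISO8601:timestamp}\] *\[%{WORD:tread}\]\: *(?<logger>[^:]+):(?<srcfile>[^:]+):(?<srcline>[^-]+)- *%{GREEDYDATA:msg}" }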

Chaining grok filter patterns for logstash

I am trying to configure logstash to manage my various log sources, one of which is Mongrel2. The format used by Mongrel2 is tnetstring, where a log message takes the form
86:9:localhost,12:192.168.33.1,5:57089#10:1411396297#3:GET,1:/,8:HTTP/1.1,3:200#6:145978#]
I want to write my own grok patterns to extract certain fields from the above format. I received help on this question trying to extract the host. So if in grok-patterns I define
M2HOST ^(?:[^:]*\:){2}(?<hostname>[^,]*)
and then in the logstash conf specify
filter {
  grok {
    match => [ "message", "%{M2HOST}" ]
  }
}
it works as expected. The problem I now have is that I want to specify multiple patterns, e.g. M2HOST, M2ADDR, etc. I tried defining additional ones in the same grok-patterns file:
M2HOST ^(?:[^:]*\:){2}(?<hostname>[^,]*)
M2ADDR ^(?:[^:]*\:){3}(?<address>[^,]*)
and changing the logstash conf
filter {
  grok {
    match => [ "message", "%{M2HOST} %{M2ADDR}" ]
  }
}
but now I just get a _grokparsefailure error.
With your sample input from the other question, and with some guessing about the value names, the full match would be:
(?:[^:]*:){2}(?<hostname>[^,]*)[^:]*:(?<address>[^,]*)[^:]*:(?<pid>[^#]*)[^:]*:(?<time>[^#]*)[^:]*:(?<method>[^,]*)[^:]*:(?<query>[^,]*)[^:]*:(?<protocol>[^,]*)[^:]*:(?<code>[^#]*)[^:]*:(?<bytes>[^#]*).*
Producing:
{
  "hostname": [["localhost"]],
  "address": [["192.168.33.1"]],
  "pid": [["57089"]],
  "time": [["1411396297"]],
  "method": [["GET"]],
  "query": [["/"]],
  "protocol": [["HTTP/1.1"]],
  "code": [["200"]],
  "bytes": [["145978"]]
}
