elasticsearch-dsl

I want to generate this: GET /packets-2017-09-25/_search { "size": 0, "query": { "match": { "transport_protocol": "tcp" } }, "aggs": { "clients": { "terms": { "field": "layers.ip.src.keyword", "size": 1000, "order":{ "num_servers.value":"desc" } }, "aggs": { "num_servers": { "cardinality": { "field": "layers.ip.dst.keyword", "precision_threshold" : 40000 } }, "server_list": { "terms": { "field": "layers.ip.dst.keyword" } } } } } } i.e I want two buckets (num_servers) and (server_list) under clients. I am trying the below piece of code, which errors out: def get_streams_per_client(proto='tcp',

My mapping is: "properties": { "user": { "type": "nested", "properties": { "id": { "type": "integer" }, "is_active": { "type": "boolean", "null_value": false }, "username": { "type": "string" } } }, I want to get all documents that do not have a user field. I tried: GET /index/type/_search { "query": { "bool": { "must_not": [ { "exists": { "field": "user" } } ] } } } Which returns all documents. Based on ElasticSearch 2.x exists filter for nested field doesn't work , I also tried: GET /index/type/_search { "query": { "nested": { "path": "user", "query": { "bool": { "must_not": [ { "exists": {

I am using elasticsearch-dsl python library to connect to elasticsearch and do aggregations. I am following code search.aggs.bucket('per_date', 'terms', field='date')\ .bucket('response_time_percentile', 'percentiles', field='total_time', percents=percentiles, hdr={"number_of_significant_value_digits": 1}) response = search.execute() This works fine but returns only 10 results in response.aggregations.per_ts.buckets I want all the results I have tried one solution with size=0 as mentioned in this question search.aggs.bucket('per_ts', 'terms', field='ts', size=0)\ .bucket('response_time

I'm having problem with an elasticsearch query. I want to be able to sort the results but elasticsearch is ignoring the sort tag. Here my query: { "sort": [{ "title": {"order": "desc"} }], "query":{ "term": { "title": "pagos" } } } However, when I remove the query part and I send only the sort tag, it works. Can anyone point me out the correct way? I also tried with the following query, which is the complete query that I have: { "sort": [{ "title": {"order": "asc"} }], "query":{ "bool":{ "should":[ { "match":{ "title":{ "query":"Pagos", "boost":9 } } }, { "match":{ "description":{ "query":

I am using Elastic search version 1.7 in my project. I have a an index named colleges and under this index there is a nested index name courses like this. { "name": "College Name" "university": "University Name", "city": 429, "city_name": "London", "state": 328, "state_name": "London", "courses": [ { "id": 26, "degree_name": "Master Of Technology", "annual_fee": 100000, "stream": "Engineering", "degree_id": 9419 }, { "id": 28, "degree_name": "Master Of Philosophy", "annual_fee": 100000, "stream": "Philosophy", "degree_id": 9420 } ] } What I am doing is that I am trying to filter the the

My use case requires to query for our elastic search domain with trailing wildcards. I wanted to get your opinion on the best practices of handling such wildcards in the queries. Do you think adding the following clauses is a good practice for the queries: "query" : { "query_string" : { "query" : "attribute:postfix*", "analyze_wildcard" : true, "allow_leading_wildcard" : false, "use_dis_max" : false } } I've disallowed leading wildcards since it is a heavy operation. However I wanted to how good is analyzing wildcard for every query request in the long run. My understanding is, analyze

Currently i am using the following program to extract the id and its severity information from elastic search . from elasticsearch import Elasticsearch from elasticsearch_dsl import Search, Q client = Elasticsearch( [ #'http://user:secret@10.x.x.11:9200/', 'http://10.x.x.11:9200/', ], verify_certs=True ) s = Search(using=client, index="test") response = s.execute() for hit in response: print hit.message_id, hit.severity, "\n\n" i believe by default the query returns 10 rows. I am having more than 10000 rows in elastic search. I need to fetch all the information. Can some one guide me how to