Queries

Question 1

How do you do an analysed query (full text)?

Answer 1

GET _search
{
   query: {
     match: {
       "text_entry": "< text to search >"

Question 2

What’s the maximum number of HITS a query can have?

Answer 2

10_000 by default.

If you want more you need to use the scroll API.
TODO: What is the scroll API?

Question 3

What is the relevancy score?

Answer 3

A score of how relevant a document is given an analysed search.
This only affects analysed searches (match query), because it wouldn’t make sense for term queries.

Question 4

How is the relevancy score calculated?

Answer 4

TODO: Learn more about this, is this required for the certification?

Question 5

What’s the difference between match and match_phrase?

Answer 5

Match phrase will match the whole search term, while “match” will match any words in the search term.

Question 6

What analyser is used by default when doing a query?

Answer 6

The analyser specified for the field in the index mappings.

Question 7

How to do a simple multi match query?

Answer 7

GET _search
{
    query: {
         multi_match: {
            query: "< text to search >",
            fields: ["< field to search >", .... ]

Question 8

What is the “query string” query type?

Answer 8

Performs a query with “query string” style params. Allows booleans operation in the query like “this OR that”.

GET _search
{
query: {
“query_string”: {
default_field: “< field to search >”,
query: “< boolean query syntax >”

TODO: Learn more about this query DSL.

Question 9

How do you do a term level query?

Answer 9

GET _search
{
    query: {
       term: {
          < field name >: {
                value: " < keyword to search > "

Question 10

What’s the difference between term and match searches?

Answer 10

Term searches match the whole field is is used with “keyword” type fields, while match queries are analysed: the text is tokenized and intersected with the analysed field in the document, thus allowing partial matches.

Question 11

How do you search for multiple terms on the same field?

Answer 11

GET _search
{
   query: {
       terms: {
           < field name >: [
                " < value 1 >",
                ....,
                " < value n > ",
           ]

Question 12

How do you do a numerical range search?

Answer 12

GET _search
{
      query: {
          range: {
             "< field name >": {
                  gte: < value >,
                  lte: < value >,

TODO: Learn more about this query.

Question 13

What fields can the range query operate on?

Answer 13

numerical and date fields.

Question 14

How do you do a wildcard term query?

Answer 14

GET _search
{
    query: {
         wildcard: {
             "< field name >": {
                 value: "< wildcard term >"

TODO: What’s the performance impact on this?

Question 15

How do you do a regex term query?

Answer 15

GET _search
{
      query: {
          regexp: {
             "< field name >": "< regexp >"

Question 16

How do you create compound queries?

Answer 16

GET _search
{
query: {
bool: {
must: [< term or match query, etc >],
must_not: [< term or match query etc >],
should: [< term or match query etc >],

Question 17

How does a “must” compound query work?

Answer 17

Returns documents that match ALL queries in the must block. (AND query).

Question 18

How does a “must_not” compound query work?

Answer 18

Excludes any document that matches the “must_not” block.

Question 19

How does a “should” compound query work?

Answer 19

Provides optional queries to match that will increase the relevancy score, but they are not required to be present in the document. Only affects the score.

Question 20

How do you make an “OR” query using the “should” block in a compound query?

Answer 20

Set “minimum_should_match” option. This will required that at least N of those queries match. If you set it to 1 it will effectively work an “OR” type of query.

Question 21

How do you use a filter and what is it for?

Answer 21

Filters work the same as queries but they don’t affect the relevancy score and are therefore more efficient.

Same syntax as query.

Question 22

How do you name a query and what do you use it for?

Answer 22

Add it to your query like so:

“term”: {
“field”: {
“_name”: “< query name >”,
“value”: ….

This will add a “matched_queries” field to your search results so you know which queries matches each document.

Question 23

How do you highlight the matching words?

Answer 23

GET _search
{
    query: ....,
    highlight: {
         pre_tags: ["< tag1 >],
         post_tags: [" < / tag 2 >"]
         fields: {
             "< field to highlight >": {}
         }
    }

This will add a “highlight” field to the results.

Question 24

How do you sort the results of a query?

Answer 24

GET _search
{
    "sort": [
        {
            "< field >": {
              order: "< asc | desc >"

TODO: how does it impact score?

Question 25

How do you do pagination in your queries?

Answer 25

It’s paginated by default

GET _search?size=< page size >&from=< offset >

GET _search
{
     size: < page size>,
     from: < offset >,
     query: ....
}

Question 26

What’s the default page size for elastic?

Answer 26

10

Question 27

What is the scroll API, how does it work and what do you use it for?

Answer 27

• Search is limited to 10k documents by default.
• With scroll you set a time window for the search to keep going for a specific amount of time.

# To initiate the scroll
GET _search?scroll=10m&size=< scroll size >

This will return a “scroll_id”

To continue fetching from the scroll

GET _search/scroll
{
scroll: “10m”,
scroll_id: “< scroll id >”

Deleting the scroll

DELETE _search/scroll
{
scroll_id
}

Question 28

What are some best practices for the scroll API?

Answer 28

• Sort your results by id (_doc field)

- Delete the scroll after use

Question 29

How do you close all scrolls at once?

Answer 29

DELETE _search/scroll/_all

Question 30

How do you slice your scroll (run in parallel)?

Answer 30

GET _search/scroll=10m
{
    slice: {
         id: 0,
         max: < max number of slices >
    }

GET _search/scroll=10m
{
    slice: {
         id: N -1 , # up to the number of slices
         max: < max number of slices >
    }

Create a scroll for each “slice”, so you can fetch in parallel each scroll.

Question 31

How to do fuzzy searches in elastic?

Answer 31

# match type
GET _search
{
   query: {
       match: {
           "< field name >": {
                 query: "< text to search >",
                fuzziness: < fuzziness >
          }

# term type
GET _search
{
   query: {
        fuzzy: {
           "< field name >": {
              value: "< value to search > "
             fuzzyness: 1,
             transpositions: true|false

TODO: Read more in the documentation.

Question 32

What does the fuzziness param mean in a fuzzy query?

Answer 32

It’s the number of modifications in the original token.

TODO: Read more about this.

Question 33

What is transposition in a fuzzy query? Give an example.

Answer 33

Whether to allow characters to transpose (flip)

For example:

transposition = true: "teh" matches "the"
transposition = false: "teh" doesn't match "the"

Question 34

How do you create a template query?

Answer 34

# Test the query
GET _search/template
{
    source: {
         query: {
             .....
             value: "{{ param name }}"
         }
    }
    params: {
          "< param name >": "< value >"
    }
}

# Save the query
POST _scripts/< query name to save >
{
   script: {
      lang: "mustache",
      source: {
         ....
     }
   }
}

# Using the query
GET _search/template
{
    id: "< template name >",
    params: {
        ....
    }
}

TODO: What other types of scripts/languages can I create?

Question 35

How do you set default values in a template query?

Answer 35

….
“value”: “{{ param }}{{^param}}< default value >{{/param}}”
….

Question 36

How do you perform a remote cluster search?

Answer 36

GET < cluster name >:< index name>/_search